Vulnerability Description
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Services | 5.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.htmlExploit
- http://www.aqtronix.com/Advisories/AQ-2003-02.txtExploit
- http://www.kb.cert.org/vuls/id/288308US Government Resource
- http://www.osvdb.org/5648Exploit
- http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.htmlExploit
- http://www.aqtronix.com/Advisories/AQ-2003-02.txtExploit
- http://www.kb.cert.org/vuls/id/288308US Government Resource
- http://www.osvdb.org/5648Exploit
FAQ
What is CVE-2003-1567?
CVE-2003-1567 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers t...
How severe is CVE-2003-1567?
CVE-2003-1567 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1567?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services.