VDB
CVE-2003-1567
CVE-2003-1567
PUBLISHED
CVSS 5.800000190734863 MEDIUM
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
EPSS 79.87% · 99.1th percentile
Risk Scores
CVSS 2.0
5.800000190734863
EPSS Score
79.87%
99.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | internet_information_services | 5.0 |
| n/a | n/a | * |
Timeline
- Jan 15, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Apr 16, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Feb 13, 2024 EPSS Score
References
- 20031227 AQ-2003-02: Microsoft IIS Logging Failure mailing-list
- VU#288308 third-party-advisory
- http://www.aqtronix.com/Advisories/AQ-2003-02.txt url
- 5648 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2003-1567 advisory