CVE-2003-1567

Published: 15/01/2009 Updated: 16/01/2009

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote malicious users to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet information services 5.0

A vulnerability in the HTTP TRACK/TRACE method of the Cisco Enterprise Content Delivery System (ECDS) could allow an unauthenticated, remote attacker read access to some information stored in the affected system The vulnerability is due to an affected web server An attacker could exploit this vulnerability by using TRACK to read the content of t ...

CWE-200 http://www.osvdb.org/5648 http://www.aqtronix.com/Advisories/AQ-2003-02.txt http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.kb.cert.org/vuls/id/288308 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140807-CVE-2003-1567

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-1567

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect