Unrated severityNVD Advisory· Published Jan 15, 2009· Updated Apr 23, 2026

CVE-2003-1567

Description

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Affected products

Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.htmlnvdExploit
www.aqtronix.com/Advisories/AQ-2003-02.txtnvdExploit
www.osvdb.org/5648nvdExploit
www.kb.cert.org/vuls/id/288308nvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.055
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000