Information Disclosure in Microsoft Internet Information Services 5.0
CVE-2003-1566

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 15 January 2009

Summary

Microsoft Internet Information Services (IIS) 5.0 fails to log requests made using the TRACK method. This deficiency allows remote attackers to exploit this oversight to extract sensitive information without being detected. The lack of adequate logging mechanisms can lead to significant security risks, as unauthorized access to critical data may occur unnoticed.

References

http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/...

mailing-listx_refsource_NTBUGTRAQ

http://www.osvdb.org/4864

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/14077

vdb-entryx_refsource_XF

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 15, 2009
Vulnerability Reserved
Jan 14, 2009