Remote Code Execution Vulnerability in Microsoft Internet Information Services
CVE-2003-1567
Currently unrated
What is CVE-2003-1567?
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response. Remote attackers can use this to steal sensitive cookies and authentication credentials, effectively bypassing HttpOnly protections, because the request headers that the browser attached are echoed back where they can be read. The technique is similar to cross-site tracing (XST): the attacker reads the contents of the HTTP headers returned in the response, compromising the security of users accessing web applications hosted on affected IIS versions.
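A defender can look for use of this method in the server's own logs. The following is an added example, not part of the original advisory or any Microsoft tooling: it scans IIS W3C extended log text for TRACK requests and, going slightly beyond the page, for HTTP TRACE, the method XST is built on. It assumes the `cs-method` field is being logged; the log lines and the function name `find_echo_method_requests` are constructed for illustration.

```python
# Added example: flag TRACK/TRACE requests in IIS W3C extended logs.
# SAMPLE_LOG is constructed sample data, not taken from a real server.

ECHO_METHODS = {"TRACK", "TRACE"}  # methods that reflect the request back

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-12-01 10:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2003-12-01 10:00:01 192.0.2.10 GET /default.asp 200 Mozilla/4.0
2003-12-01 10:00:05 192.0.2.44 TRACK / 200 Mozilla/4.0
2003-12-01 10:00:09 192.0.2.44 TRACK /app/login.asp 200 -
#Fields: time c-ip cs-method cs-uri-stem sc-status
10:02:00 192.0.2.77 TRACE / 501
10:02:03 192.0.2.10 POST /app/login.asp 302
10:02:04 malformed-line
"""

def find_echo_method_requests(log_text):
    """Return one dict per logged request whose method is TRACK or TRACE."""
    fields = []   # column names from the most recent #Fields directive
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # The field list can change mid-file (e.g. after a restart).
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()  # W3C extended format is space-delimited
        if "cs-method" not in fields or len(values) != len(fields):
            continue           # method not logged, or truncated/corrupt row
        row = dict(zip(fields, values))
        method = row["cs-method"].upper()
        if method in ECHO_METHODS:
            hits.append({
                "line": lineno,
                "client": row.get("c-ip", "-"),
                "method": method,
                "uri": row.get("cs-uri-stem", "-"),
                # 200 means the server honoured the method instead of rejecting it
                "accepted": row.get("sc-status") == "200",
            })
    return hits

if __name__ == "__main__":
    for hit in find_echo_method_requests(SAMPLE_LOG):
        print(hit)
```

Hits with `accepted` set to true are the ones to prioritise, since they show the server answered the method rather than refusing it.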