Remote Code Execution Vulnerability in Microsoft Internet Information Services
CVE-2003-1567

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Information Services
Vendor
CVE Published:
15 January 2009

What is CVE-2003-1567?

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 poses a significant risk as it returns the content of the original request within the response body. This allows remote attackers to exploit the method to steal sensitive cookies and authentication credentials, effectively bypassing HttpOnly protections. Furthermore, this vulnerability operates similarly to cross-site tracing (XST) attacks, wherein attackers can read the contents of the HTTP headers returned in the response, thereby compromising the security of users accessing web applications hosted on affected IIS versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/...
mailing-listx_refsource_NTBUGTRAQ
http://www.kb.cert.org/vuls/id/288308
third-party-advisoryx_refsource_CERT-VN
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
x_refsource_MISC

EPSS Score

68% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.