PT-2009-1135 · Microsoft · Internet Information Services
Parcifal Aertssen · Published 2009-01-15 · Updated 2026-05-28 · CVE-2003-1567
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Information Services (IIS) version 5.0
Description
The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK method to read the contents of the HTTP headers returned in the response, similar to cross-site tracing (XST) using HTTP TRACE.
Recommendations
For Microsoft Internet Information Services (IIS) version 5.0, consider disabling the TRACK method to prevent exploitation until a patch is available. Restrict access to sensitive information and authentication credentials to minimize the risk of theft.
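One way to verify the recommendation on a server you administer, as an added example that is not part of the original advisory: send TRACE and TRACK with a random marker header and report whether the marker comes back in the response body. The `X-Audit-Canary` header, the function names and the local stub server (a constructed stand-in, not IIS) are assumptions made for this illustration.

```python
import http.client
import http.server
import secrets
import threading


def method_reflects_headers(host, port, method, timeout=5.0):
    """Return True if `method` echoes our request headers in the response body."""
    canary = secrets.token_hex(8)  # random marker, so a match cannot be coincidental
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Audit-Canary": canary})
        body = conn.getresponse().read(65536).decode("latin-1", "replace")
    finally:
        conn.close()
    return canary in body


def audit(host, port):
    """Check both request-echoing methods; any True value means it should be disabled."""
    return {m: method_reflects_headers(host, port, m) for m in ("TRACE", "TRACK")}


class EchoingStub(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACK enabled (hypothetical, not IIS)."""

    def do_TRACK(self):
        echo = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Run the audit against the local stub: TRACE is rejected, TRACK echoes."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), EchoingStub)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return audit("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

After TRACK has been disabled, `audit()` against the real host should report `False` for both methods.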
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Internet Information Services