PT-2009-1135 · Microsoft · Internet Information Services
Parcifal Aertssen · Published 2009-01-15 · Updated 2026-05-28 · CVE-2003-1567
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Information Services (IIS) version 5.0
Description
The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK method to read the contents of the HTTP headers returned in the response, similar to cross-site tracing (XST) using HTTP TRACE.
Recommendations
For Microsoft Internet Information Services (IIS) version 5.0, consider disabling the TRACK method to prevent exploitation until a patch is available. Restrict access to sensitive information and authentication credentials to minimize the risk of theft.
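One way to verify the recommendation on a server you administer, as an added example that is not part of the original advisory: it sends TRACK (and TRACE, the method the description compares it to) with a random canary cookie and reports whether the response reflects it. The names classify, probe and xst_canary, and the verdict strings, are assumptions made for this sketch.

```python
import http.client
import secrets

METHODS = ("TRACK", "TRACE")  # TRACE included because the advisory likens TRACK to XST via TRACE

def classify(status, body, canary):
    """Verdict for one probe response: did the server reflect our request back?"""
    if canary.encode() in body:
        # A 2xx echo is the behaviour described above; an echo inside an
        # error page is still a reflection worth reviewing.
        return "vulnerable" if 200 <= status < 300 else "reflected-in-error"
    if status >= 400:
        return "rejected"   # method refused or filtered, nothing echoed
    return "no-echo"        # answered, but without reflecting the request

def probe(host, port=80, tls=False, timeout=5.0):
    """Send each method once to host:port and return {method: verdict}."""
    conn_cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    results = {}
    for method in METHODS:
        canary = secrets.token_hex(8)  # unique per request, so a match is a true echo
        conn = conn_cls(host, port, timeout=timeout)
        try:
            # The canary rides in a Cookie header: the value HttpOnly is meant to hide.
            conn.request(method, "/", headers={"Cookie": "xst_canary=" + canary})
            resp = conn.getresponse()
            results[method] = classify(resp.status, resp.read(65536), canary)
        except (OSError, http.client.HTTPException) as exc:
            results[method] = "error: " + type(exc).__name__
        finally:
            conn.close()
    return results

if __name__ == "__main__":
    # Constructed sample responses (not captured traffic), so the demo runs offline.
    echoed = b"TRACK / HTTP/1.1\r\nHost: test\r\nCookie: xst_canary=abc123\r\n\r\n"
    print(classify(200, echoed, "abc123"))
    print(classify(501, b"Not Implemented", "abc123"))
    print(classify(200, b"<html>home</html>", "abc123"))
```

After the TRACK method has been disabled, probe() should report "rejected" or "no-echo" for it; any other verdict means the request is still being reflected.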
Exploit
Fix
Information Disclosure
Affected Products
Internet Information Services