SecuritySpace - CVE-2003-1567

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2003-1567

Description: The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2003-1567
CERT/CC vulnerability note: VU#288308
http://www.kb.cert.org/vuls/id/288308
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html
http://www.osvdb.org/5648

CVE ID:	CVE-2003-1567
Description:	The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2003-1567 CERT/CC vulnerability note: VU#288308 http://www.kb.cert.org/vuls/id/288308 http://www.aqtronix.com/Advisories/AQ-2003-02.txt http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.osvdb.org/5648