CVE-2003-1567

Name: CVE-2003-1567
Creator: NVD / NIST
Published: 2009-01-15T00:30:00.25+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 25.06%

Last modified Jun 16, 2026

CVE-2003-1567 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.. EPSS estimates a 25.06% chance of exploitation in the next 30 days.

Description

The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

25.06%

97.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Microsoft	Internet Information Services	5.0

References

http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.htmlExploit
http://www.aqtronix.com/Advisories/AQ-2003-02.txtExploit
http://www.kb.cert.org/vuls/id/288308US Government Resource
http://www.osvdb.org/5648Exploit
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.htmlExploit
http://www.aqtronix.com/Advisories/AQ-2003-02.txtExploit
http://www.kb.cert.org/vuls/id/288308US Government Resource
http://www.osvdb.org/5648Exploit
https://www.aqtronix.com/Advisories/AQ-2003-02.txt

Timeline

Published: Jan 15, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2003-1567?

How severe is CVE-2003-1567?

CVE-2003-1567 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 25.06% probability of exploitation in the next 30 days.

How do I fix CVE-2003-1567?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2003-1567?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST