CVE-2003-1566

Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.osvdb.org/4864
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html	Exploit
http://www.securityfocus.com/bid/9313	Exploit
http://www.aqtronix.com/Advisories/AQ-2003-02.txt	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/14077

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Information

Published : 2009-01-14 16:30

Updated : 2017-08-07 18:29

NVD link : CVE-2003-1566

Mitre link : CVE-2003-1566

JSON object : View

CWE

CWE-16

Configuration

Products Affected

microsoft

internet_information_services

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/4864", "name": "4864", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html", "name": "20031227 AQ-2003-02: Microsoft IIS Logging Failure", "tags": ["Exploit"], "refsource": "NTBUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/9313", "name": "9313", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", "name": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14077", "name": "iis-improper-httptrack-logging(14077)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1566", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-01-15T00:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:29Z"}

5.0 /10