Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2003-1567

EPSS 68.99% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2003-1567

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
microsoft internet_information_services 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft IIS是一款微软开发的WEB服务程序。 Microsoft Internet Information Services (IIS) 5.0版本中的无正式文件的TRACK方法会在响应正文中返还原始请求的内容,这使得远程攻击者可以通过使用TRACK读取HTTP头的内容,来窃取cookies和身份认证信任证书,或绕过HttpOnly保护机制。HTTP头会在响应在反馈回来。在技术上,该漏洞与跨站脚本攻击漏洞相似。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2003-1567

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2003-1567

登录查看更多情报信息。

Same Patch Batch · n/a · 2009-01-15 · 24 CVEs total

CVE-2009-0126Berkeley Open Infrastructure for Network授权问题漏洞
CVE-2009-0121Goople CMS 'password'参数 SQL注入漏洞
CVE-2009-0120IBM WebSphere DataPower XML Security Gateway XS40 远程拒绝服务漏洞
CVE-2003-1566Microsoft IIS服务跟踪日志绕过漏洞
CVE-1999-1593Microsoft Windows Internet Naming Service 后置链接漏洞
CVE-2009-0133microsoft html_help_workshop 缓冲区溢出漏洞
CVE-2009-0132Sun Solaris aio_suspend()整数溢出本地拒绝服务漏洞
CVE-2009-0131Sun OpenSolaris 'posix_fallocate(3C)' System Call 本地拒绝服务漏洞
CVE-2009-0130erlang _nil_ 授权问题漏洞
CVE-2009-0129Perl-Openssl libcrypt-openssl-dsa-perl安全绕过漏洞
CVE-2009-0128Llnl Simple Linux Utility for Resource Management crypto_openssl.c安全绕过漏洞
CVE-2009-0127debian 授权问题漏洞
CVE-2008-5902xrdp ‘xrdp/xrdp_bitmap.c’多个缓冲区溢出漏洞
CVE-2009-0125Nessus授权问题漏洞
CVE-2009-0124American Radio Relay League tqsllib程序openssl_cert.cpp 绕过漏洞
CVE-2009-0123apple mac_os_x 信息泄露漏洞
CVE-2009-0122HP Linux Imaging and Printing (HPLIP) "hplip.postinst" 权限许可和访问控制漏洞
CVE-2009-0029Linux kernel 输入验证错误漏洞
CVE-2008-5907libpng 未明漏洞
CVE-2008-5906KTorrent web界面插件 Eval代码注入漏洞

Showing top 20 of 24 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2003-1567

No comments yet

Leave a comment