Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2003-1566 | First vendor Publication | 2009-01-14 |
| Vendor | Cve | Last vendor Modification | 2017-08-08 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1566 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 4864 | Microsoft IIS TRACK Logging Failure Microsoft Internet Information Server (IIS) contains a flaw that may allow a remote attacker to obtain information without being logged. The issue is due to the IIS server not properly logging HTTP TRACK requests. If an attacker uses TRACK requests, they may be able to probe or attempt to exploit an IIS server undetected. |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:02:13 |
|
| 2021-04-22 01:02:22 |
|
| 2020-05-23 00:15:39 |
|
| 2017-08-08 09:23:44 |
|
| 2016-06-28 15:04:19 |
|
| 2013-05-11 11:55:24 |
|
