10 matches found
EUVD-2003-1556
Malware in sbrugna...
CVE-2003-1567
The undocumented TRACK method in Microsoft Internet Information Services IIS 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by usi...
CVE-2003-1566
Microsoft Internet Information Services IIS 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection...
CVE-2003-1566
Microsoft Internet Information Services IIS 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection...
CVE-2003-1567
The undocumented TRACK method in Microsoft Internet Information Services IIS 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by usi...
CVE-2003-1567
The CVE-2003-1567 issue concerns the undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0, which reportedly echoes parts of the original request back in the response body. This behavior could allow remote attackers to read sensitive information from HTTP headers, includi...
PT-2009-1135
Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services IIS version 5.0 Description The issue allows remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. This is achieved by using the undocumented TRACK...
CVE-2003-1566
CVE-2003-1566 concerns Microsoft Internet Information Services (IIS) 5.0 where requests using the TRACK method are not logged. The underlying issue is the logging gap for the TRACK method, which can allow remote attackers to access sensitive information without detection. The provided documents s...
http TRACE XSS attack
Debugging functions are enabled on the remote HTTP server. The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting...
Microsoft Internet Information Server (IIS) vulnerable to cross-site scripting via HTTP TRACK method
Overview Microsoft Internet Information Server IIS servers support a HTTP method called TRACK. The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as cookie...