Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1566

CWE-164 documents4 sources
Severity
5.0MEDIUM
EPSS
9.3%
top 7.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedJan 15
Latest updateApr 29

Description

Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vcf4-vc8p-226r: Microsoft Internet Information Services (IIS) 52022-04-29
CVEList
CVE-2003-1566: Microsoft Internet Information Services (IIS) 52009-01-15

💥Exploits & PoCs

1
Exploit-DB
Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests2003-12-29
CVE-2003-1566 (MEDIUM CVSS 5) | Microsoft Internet Information Serv | cvebase.io