Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests

EDB-ID:

23490




Platform:

Windows

Date:

2003-12-29


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/9313/info

A vulnerability has been reported to affect Microsoft IIS. It has been reported that IIS fails to log HTTP TRACK calls made to the affected server. A remote attacker may exploit this condition in order to enumerate server banners. 

TRACK / HTTP/1.0 [\r\r]