Sign-up

ID

VAR-200901-0464


CVE

CVE-2003-1566


TITLE

Microsoft Internet Information Services (IIS) Vulnerable to obtaining confidential information

Trust: 0.8

sources: JVNDB: JVNDB-2009-001673

DESCRIPTION

Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. A vulnerability has been reported to affect Microsoft IIS. It has been reported that IIS fails to log HTTP TRACK calls made to the affected server. A remote attacker may exploit this condition in order to enumerate server banners

Trust: 2.16

sources: NVD: CVE-2003-1566 // JVNDB: JVNDB-2009-001673 // BID: 9313 // BID: 80383

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.9

vendor:microsoftmodel:iisscope:eqversion:5

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:iisscope:neversion:6.0

Trust: 0.3

sources: BID: 9313 // BID: 80383 // JVNDB: JVNDB-2009-001673 // CNNVD: CNNVD-200901-174 // NVD: CVE-2003-1566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1566
value: MEDIUM

Trust: 1.0

NVD: CVE-2003-1566
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200901-174
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2003-1566
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2003-1566
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-001673 // CNNVD: CNNVD-200901-174 // NVD: CVE-2003-1566

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.8

sources: JVNDB: JVNDB-2009-001673 // NVD: CVE-2003-1566

THREAT TYPE

network

Trust: 0.6

sources: BID: 9313 // BID: 80383

TYPE

configuration error

Trust: 0.6

sources: CNNVD: CNNVD-200901-174

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-001673

PATCH
title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-001673

EXTERNAL IDS
db:NVDid:CVE-2003-1566
Trust: 2.7
db:BIDid:9313
Trust: 2.2
db:OSVDBid:4864
Trust: 1.6
db:JVNDBid:JVNDB-2009-001673
Trust: 0.8
db:XFid:14077
Trust: 0.6
db:NTBUGTRAQid:20031227 AQ-2003-02: MICROSOFT IIS LOGGING FAILURE
Trust: 0.6
db:CNNVDid:CNNVD-200901-174
Trust: 0.6
db:BIDid:80383
Trust: 0.3
sources:
            
            
            BID: 9313 // 
            
            
            
            BID: 80383 // 
            
            
            
            JVNDB: JVNDB-2009-001673 // 
            
            
            
            CNNVD: CNNVD-200901-174 // 
            
            
            
            NVD: CVE-2003-1566

REFERENCES
url:http://www.aqtronix.com/advisories/aq-2003-02.txt
Trust: 2.2
url:http://www.securityfocus.com/bid/9313
Trust: 1.9
url:http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html
Trust: 1.9
url:http://www.osvdb.org/4864
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/14077
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1566
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2003-1566
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/14077
Trust: 0.6
url:http://www.microsoft.com
Trust: 0.3
sources:
            
            
            BID: 9313 // 
            
            
            
            BID: 80383 // 
            
            
            
            JVNDB: JVNDB-2009-001673 // 
            
            
            
            CNNVD: CNNVD-200901-174 // 
            
            
            
            NVD: CVE-2003-1566

CREDITS
Parcifal Aertssen
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200901-174

SOURCES
db:BIDid:9313
db:BIDid:80383
db:JVNDBid:JVNDB-2009-001673
db:CNNVDid:CNNVD-200901-174
db:NVDid:CVE-2003-1566

LAST UPDATE DATE
2024-08-14T13:18:11.390000+00:00

SOURCES UPDATE DATE
db:BIDid:9313date:2003-12-29T00:00:00
db:BIDid:80383date:2009-01-14T00:00:00
db:JVNDBid:JVNDB-2009-001673date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200901-174date:2009-01-16T00:00:00
db:NVDid:CVE-2003-1566date:2017-08-08T01:29:01.210

SOURCES RELEASE DATE
db:BIDid:9313date:2003-12-29T00:00:00
db:BIDid:80383date:2009-01-14T00:00:00
db:JVNDBid:JVNDB-2009-001673date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200901-174date:2003-12-29T00:00:00
db:NVDid:CVE-2003-1566date:2009-01-15T00:30:00.233