TRACK method is enabled Security Vulnerability
Description
In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domain that supports the HTTP TRACK method. Additionally, IIS 5 does not log requests made with the TRACK method.
Impact
Attackers may abuse HTTP TRACK functionality to gain access to information in HTTP headers such as cookies and authentication data.
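To confirm whether a server you operate still answers TRACK, the following added example (not part of the original advisory) sends one TRACK request carrying a random marker header and reports whether that header is reflected in the response body. It assumes TRACK echoes the request the way TRACE does; the `X-Track-Probe` header name, the function names and the sample responses are constructed for illustration.

```python
import http.client
import secrets

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status code, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("iso-8859-1")
    return int(status_line.split(" ", 2)[1]), body

def echoes_probe(status: int, body: bytes, marker: str) -> bool:
    """Assumption: an enabled TRACK returns 200 and echoes the request.
    A bare 200 (e.g. a catch-all page) without the marker does not count."""
    return status == 200 and marker.encode("ascii") in body

def track_enabled(host: str, port: int = 80, tls: bool = False) -> bool:
    """Send one TRACK request with a random marker header to a server you
    operate and report whether the request headers come back in the body."""
    marker = secrets.token_hex(8)
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("TRACK", "/", headers={"X-Track-Probe": marker})
        resp = conn.getresponse()
        return echoes_probe(resp.status, resp.read(), marker)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
MARKER = "1f2e3d4c5b6a7988"
SAMPLE_ENABLED = (
    b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
    b"TRACK / HTTP/1.1\r\nHost: www.example.test\r\n"
    b"X-Track-Probe: " + MARKER.encode() + b"\r\nCookie: session=constructed\r\n\r\n"
)
SAMPLE_DISABLED = b"HTTP/1.1 501 Not Implemented\r\nContent-Length: 0\r\n\r\n"
SAMPLE_CATCH_ALL = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>Home</html>"

def classify(raw: bytes, marker: str = MARKER) -> str:
    """Label a raw response to the probe using the reflection check above."""
    status, body = parse_response(raw)
    return "TRACK enabled" if echoes_probe(status, body, marker) else "TRACK not reflected"

if __name__ == "__main__":
    for name, raw in [("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED),
                      ("catch-all 200", SAMPLE_CATCH_ALL)]:
        print(name, "->", classify(raw))
```

Because IIS 5 does not log TRACK requests, the probe's result rather than the server's access log is the evidence to rely on there.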
References
W3C - RFC 2616
US-CERT VU#867593
IIS 6 WWW Service Registry Entries
Microsoft IIS Logging Failure
