A vulnerability has been reported to affect Microsoft IIS. It has been reported that IIS fails to log HTTP TRACK calls made to the affected server. A remote attacker may exploit this condition in order to enumerate server banners.
TRACK / HTTP/1.0 [\r\r]
Microsoft Internet Information Server (IIS) contains a flaw that may allow a remote attacker to obtain information without being logged. The issue is due to the IIS server not properly logging HTTP TRACK requests. If an attacker uses TRACK requests, they may be able to probe or attempt to exploit an IIS server undetected.
Upgrade to version 6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.