Description

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Remediation

References

CVE-2000-0970

Related Vulnerabilities

WordPress Plugin PropertyHive Cross-Site Scripting (1.4.14)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7833)

Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-6308)

WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Unspecified Vulnerability (5.7)

WordPress Plugin Advanced Classifieds & Directory Pro Security Bypass (1.6.2)

Severity

High

Classification

CVE-2000-0970

Tags

Missing Update Known Vulnerabilities