IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2001-01-22T05:00:00
Updated: 2024-08-08T05:37:32.207Z
Reserved: 2000-11-24T00:00:00
Link: CVE-2000-0970
Vulnrichment
No data.
NVD
Status : Modified
Published: 2000-12-19T05:00:00.000
Modified: 2024-11-20T23:33:42.420
Link: CVE-2000-0970
Redhat
No data.