Vulnerabilities > CVE-2000-0970 - Unspecified vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

NVD

Published: 2000-12-19

Updated: 2018-10-30

Summary

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Information Services 5.0 Microsoft Internet Information Server 4.0	2

References

http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt
http://www.osvdb.org/7265
https://exchange.xforce.ibmcloud.com/vulnerabilities/5396
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080