Description
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-2407 Vulnerability (CVE-2013-2407)
WordPress 6.0.x Multiple Vulnerabilities (6.0 - 6.0.6)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2771)
Apache HTTP Server Improper Locking Vulnerability (CVE-2004-0174)
WordPress Plugin Share Woocommerce to Email Cross-Site Scripting (1.0.1)