Description
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
Remediation
References
Related Vulnerabilities
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.24)
WordPress Plugin MSMC-Redirect After Comment Multiple Vulnerabilities (2.1.2)
WordPress Plugin Better User Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.0)
WordPress Plugin Export any WordPress data to XML/CSV SQL Injection (1.3.4)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3663)