Description

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Remediation

References

CVE-2000-0970

Related Vulnerabilities

WordPress Plugin Archivist-Custom Archive Templates Multiple Vulnerabilities (1.7.4)

WordPress Plugin Magic Fields 2 Unspecified Vulnerability (2.3.2.2)

WordPress Plugin Rich Widget Arbitrary File Upload (0.2.4)

WordPress Plugin File Manager Unspecified Vulnerability (4.1.4)

WordPress Plugin CMP-Coming Soon & Maintenance by NiteoThemes Multiple Unspecified Vulnerabilities (4.0.9)

Severity

High

Classification

CVE-2000-0970

Tags

Missing Update Known Vulnerabilities