var-200012-0021
Vulnerability from variot
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. Under certain circumstances, Microsoft IIS will transmit the plaintext contents of Session ID Cookies that should be marked as secure. A website may require state information so that it can distinguish one user over another, especially if it undergoes a great deal of traffic load. This is especially prevalent in the case of e-commerce sites in order to keep track of an individuals shopping order, etc. as they browse from page to page. Session ID Cookies may be used as a method to acquire state information. It maintains the identity of a user as they browse a site. This is not the case if the user visits an ASP page hosted on IIS. Once the user were to visit a non-secure portion of the website, a malicious third party who had access to the network traffic between the user and the website would be able to read the contents of the cookie since it would be sent in plaintext
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200012-0021",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "1832"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by ACROS Security \u003csecurity@acros.si\u003e and C. Conrad Cady and publicized in a Microsoft Security Bulletin (MS00-080) on October 23, 2000.",
"sources": [
{
"db": "BID",
"id": "1832"
}
],
"trust": 0.3
},
"cve": "CVE-2000-0970",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2000-0970",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2000-0970",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2000-0970",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200012-141",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the \"Session ID Cookie Marking\" vulnerability. Under certain circumstances, Microsoft IIS will transmit the plaintext contents of Session ID Cookies that should be marked as secure. \nA website may require state information so that it can distinguish one user over another, especially if it undergoes a great deal of traffic load. This is especially prevalent in the case of e-commerce sites in order to keep track of an individuals shopping order, etc. as they browse from page to page. Session ID Cookies may be used as a method to acquire state information. It maintains the identity of a user as they browse a site. This is not the case if the user visits an ASP page hosted on IIS. Once the user were to visit a non-secure portion of the website, a malicious third party who had access to the network traffic between the user and the website would be able to read the contents of the cookie since it would be sent in plaintext",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0970"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"db": "BID",
"id": "1832"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2000-0970",
"trust": 2.4
},
{
"db": "OSVDB",
"id": "7265",
"trust": 1.6
},
{
"db": "BID",
"id": "1832",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000084",
"trust": 0.8
},
{
"db": "MS",
"id": "MS00-080",
"trust": 0.6
},
{
"db": "XF",
"id": "5396",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200012-141",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "1832"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"id": "VAR-200012-0021",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T15:15:17.080000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS00-080",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-080.mspx"
},
{
"title": "MS00-080",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/Bulletin/ms00-080.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.osvdb.org/7265"
},
{
"trust": 1.6,
"url": "http://www.acrossecurity.com/aspr/aspr-2000-07-22-1-pub.txt"
},
{
"trust": 1.0,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5396"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0970"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0970"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/1832"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/5396.php"
},
{
"trust": 0.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms00-080.asp"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/fq00-080.asp"
}
],
"sources": [
{
"db": "BID",
"id": "1832"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "1832"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-10-23T00:00:00",
"db": "BID",
"id": "1832"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"date": "2000-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"date": "2000-12-19T05:00:00",
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-10-23T00:00:00",
"db": "BID",
"id": "1832"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2000-000084"
},
{
"date": "2005-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200012-141"
},
{
"date": "2018-10-30T16:25:10.357000",
"db": "NVD",
"id": "CVE-2000-0970"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS Sessions ID Cookie leak vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200012-141"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…