CVE-2000-0970

Description

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the Session ID Cookie Marking vulnerability.

Risk Information

Base Score

6.5

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Score

Exploitation Probability

38.46

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234