CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2000-0970

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.385

EPSS Ranking 97.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt
http://www.osvdb.org/7265
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080
https://exchange.xforce.ibmcloud.com/vulnerabilities/5396
http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt
http://www.osvdb.org/7265
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080
https://exchange.xforce.ibmcloud.com/vulnerabilities/5396

Products affected by CVE-2000-0970

Microsoft » Internet Information Server » Version: 4.0

cpe:2.3:a:microsoft:internet_information_server:4.0
Microsoft » Internet Information Services » Version: 5.0

cpe:2.3:a:microsoft:internet_information_services:5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2000-0970

Products

Pricing

Contact Us