Sign-up

ID

VAR-200012-0021


CVE

CVE-2000-0970


TITLE

Microsoft IIS Sessions ID Cookie leak vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2000-000084

DESCRIPTION

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. Under certain circumstances, Microsoft IIS will transmit the plaintext contents of Session ID Cookies that should be marked as secure. A website may require state information so that it can distinguish one user over another, especially if it undergoes a great deal of traffic load. This is especially prevalent in the case of e-commerce sites in order to keep track of an individuals shopping order, etc. as they browse from page to page. Session ID Cookies may be used as a method to acquire state information. It maintains the identity of a user as they browse a site. This is not the case if the user visits an ASP page hosted on IIS. Once the user were to visit a non-secure portion of the website, a malicious third party who had access to the network traffic between the user and the website would be able to read the contents of the cookie since it would be sent in plaintext

Trust: 1.89

sources: NVD: CVE-2000-0970 // JVNDB: JVNDB-2000-000084 // BID: 1832

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

sources: BID: 1832 // JVNDB: JVNDB-2000-000084 // CNNVD: CNNVD-200012-141 // NVD: CVE-2000-0970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0970
value: HIGH

Trust: 1.0

NVD: CVE-2000-0970
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200012-141
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2000-0970
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2000-000084 // CNNVD: CNNVD-200012-141 // NVD: CVE-2000-0970

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0970

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-141

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-141

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2000-000084

PATCH
title:MS00-080url:http://www.microsoft.com/technet/security/bulletin/ms00-080.mspx
Trust: 0.8
title:MS00-080url:http://www.microsoft.com/japan/technet/security/Bulletin/ms00-080.mspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2000-000084

EXTERNAL IDS
db:NVDid:CVE-2000-0970
Trust: 2.4
db:OSVDBid:7265
Trust: 1.6
db:BIDid:1832
Trust: 1.1
db:JVNDBid:JVNDB-2000-000084
Trust: 0.8
db:MSid:MS00-080
Trust: 0.6
db:XFid:5396
Trust: 0.6
db:CNNVDid:CNNVD-200012-141
Trust: 0.6
sources:
            
            
            BID: 1832 // 
            
            
            
            JVNDB: JVNDB-2000-000084 // 
            
            
            
            CNNVD: CNNVD-200012-141 // 
            
            
            
            NVD: CVE-2000-0970

REFERENCES
url:http://www.osvdb.org/7265
Trust: 1.6
url:http://www.acrossecurity.com/aspr/aspr-2000-07-22-1-pub.txt
Trust: 1.6
url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5396
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0970
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0970
Trust: 0.8
url:http://www.securityfocus.com/bid/1832
Trust: 0.8
url:http://xforce.iss.net/static/5396.php
Trust: 0.6
url:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Trust: 0.6
url:http://www.microsoft.com/technet/security/bulletin/fq00-080.asp
Trust: 0.3
sources:
            
            
            BID: 1832 // 
            
            
            
            JVNDB: JVNDB-2000-000084 // 
            
            
            
            CNNVD: CNNVD-200012-141 // 
            
            
            
            NVD: CVE-2000-0970

CREDITS
Discovered by ACROS Security <security@acros.si> and C. Conrad Cady and publicized in a Microsoft Security Bulletin (MS00-080) on October 23, 2000.
Trust: 0.3
sources:
            
            
            BID: 1832

SOURCES
db:BIDid:1832
db:JVNDBid:JVNDB-2000-000084
db:CNNVDid:CNNVD-200012-141
db:NVDid:CVE-2000-0970

LAST UPDATE DATE
2024-08-14T15:15:17.080000+00:00

SOURCES UPDATE DATE
db:BIDid:1832date:2000-10-23T00:00:00
db:JVNDBid:JVNDB-2000-000084date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-141date:2005-10-12T00:00:00
db:NVDid:CVE-2000-0970date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE
db:BIDid:1832date:2000-10-23T00:00:00
db:JVNDBid:JVNDB-2000-000084date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-141date:2000-12-19T00:00:00
db:NVDid:CVE-2000-0970date:2000-12-19T05:00:00