ID

VAR-200012-0021


CVE

CVE-2000-0970


TITLE

Microsoft IIS Sessions ID Cookie leak vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2000-000084

DESCRIPTION

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. Under certain circumstances, Microsoft IIS will transmit the plaintext contents of Session ID Cookies that should be marked as secure. A website may require state information so that it can distinguish one user over another, especially if it undergoes a great deal of traffic load. This is especially prevalent in the case of e-commerce sites in order to keep track of an individuals shopping order, etc. as they browse from page to page. Session ID Cookies may be used as a method to acquire state information. It maintains the identity of a user as they browse a site. This is not the case if the user visits an ASP page hosted on IIS. Once the user were to visit a non-secure portion of the website, a malicious third party who had access to the network traffic between the user and the website would be able to read the contents of the cookie since it would be sent in plaintext

Trust: 1.89

sources: NVD: CVE-2000-0970 // JVNDB: JVNDB-2000-000084 // BID: 1832

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 1.1

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 1.1

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

sources: BID: 1832 // JVNDB: JVNDB-2000-000084 // CNNVD: CNNVD-200012-141 // NVD: CVE-2000-0970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0970
value: HIGH

Trust: 1.0

NVD: CVE-2000-0970
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200012-141
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2000-0970
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2000-000084 // CNNVD: CNNVD-200012-141 // NVD: CVE-2000-0970

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0970

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-141

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-141

CONFIGURATIONS

sources: JVNDB: JVNDB-2000-000084

PATCH

title:MS00-080url:http://www.microsoft.com/technet/security/bulletin/ms00-080.mspx

Trust: 0.8

title:MS00-080url:http://www.microsoft.com/japan/technet/security/Bulletin/ms00-080.mspx

Trust: 0.8

sources: JVNDB: JVNDB-2000-000084

EXTERNAL IDS

db:NVDid:CVE-2000-0970

Trust: 2.4

db:OSVDBid:7265

Trust: 1.6

db:BIDid:1832

Trust: 1.1

db:JVNDBid:JVNDB-2000-000084

Trust: 0.8

db:MSid:MS00-080

Trust: 0.6

db:XFid:5396

Trust: 0.6

db:CNNVDid:CNNVD-200012-141

Trust: 0.6

sources: BID: 1832 // JVNDB: JVNDB-2000-000084 // CNNVD: CNNVD-200012-141 // NVD: CVE-2000-0970

REFERENCES

url:http://www.osvdb.org/7265

Trust: 1.6

url:http://www.acrossecurity.com/aspr/aspr-2000-07-22-1-pub.txt

Trust: 1.6

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/5396

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2000-0970

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2000-0970

Trust: 0.8

url:http://www.securityfocus.com/bid/1832

Trust: 0.8

url:http://xforce.iss.net/static/5396.php

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp

Trust: 0.6

url:http://www.microsoft.com/technet/security/bulletin/fq00-080.asp

Trust: 0.3

sources: BID: 1832 // JVNDB: JVNDB-2000-000084 // CNNVD: CNNVD-200012-141 // NVD: CVE-2000-0970

CREDITS

Discovered by ACROS Security <security@acros.si> and C. Conrad Cady and publicized in a Microsoft Security Bulletin (MS00-080) on October 23, 2000.

Trust: 0.3

sources: BID: 1832

SOURCES

db:BIDid:1832
db:JVNDBid:JVNDB-2000-000084
db:CNNVDid:CNNVD-200012-141
db:NVDid:CVE-2000-0970

LAST UPDATE DATE

2024-08-14T15:15:17.080000+00:00


SOURCES UPDATE DATE

db:BIDid:1832date:2000-10-23T00:00:00
db:JVNDBid:JVNDB-2000-000084date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-141date:2005-10-12T00:00:00
db:NVDid:CVE-2000-0970date:2018-10-30T16:25:10.357

SOURCES RELEASE DATE

db:BIDid:1832date:2000-10-23T00:00:00
db:JVNDBid:JVNDB-2000-000084date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200012-141date:2000-12-19T00:00:00
db:NVDid:CVE-2000-0970date:2000-12-19T05:00:00