Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IIS劫持该用户安全web会话漏洞
Vulnerability Description
IIS 4.0和 5.0版本.ASP页面向安全和不安全的web会话发送相同Session ID cookie。如果用户移动到不安全会话,远程攻击者可以劫持该用户的安全web会话,也称为“会话ID cookie标记”漏洞。
CVSS Information
N/A
Vulnerability Type
N/A