7265 : IIS .ASP Session ID Disclosure and Hijacking
Printer | http://osvdb.org/7265 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

5 months ago

Percent Complete

100%

Disclosure

Oct 23, 2000

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft IIS contains a flaw that may allow a malicious user to access and hijack Session ID cookies. The issue is due to .ASP in IIS using the same Session ID cookies on secure and non-secure web pages. By controlling the communications channel and requesting the non-secure pages on the same website, a remote attacker can obtain the Session ID cookie in plaintext and use it to connect to the user's session with the secure page, resulting in a loss of confidentiality and integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Hijacking, Information Disclosure
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	IIS	4.0
Microsoft Corporation	IIS	5.0

References

Bugtraq ID: 1832
Microsoft Security Bulletin: MS00-080
CIAC Advisory: l-010
Other Advisory URL: http://www.acros.si/aspr/ASPR-2000-07-22-1-PUB.txt
ISS X-Force ID: 5396
CVE ID: 2000-0970 (see also: NVD)
Keyword: aka the "Session ID Cookie Marking" vulnerability

Credit

Ron Sires - ACROS Security
C. Conrad Cady - Healinx

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

IIS

IIS

References

Credit

Blogs

Comments