漏洞类别:Web server漏洞等级: 
漏洞信息
Microsoft's IIS Version 4.0 and 5.0 ASP pages send the same Session ID cookie for secure and insecure Web sessions. A remote unauthorized user may be able to hijack the secure Web session of a legitimate user. This is possible if the legitimate user moves to an insecure session. This is also known as the "Session ID Cookie Marking" vulnerability.
We do not perform active tests for this vulnerability; therefore, if you know that you've already applied the appropriate patch (see the Solution field below), you can safely disregard this notice.
漏洞危害
If successfully exploited, a remote unauthorized user may be able to hijack the secure web session of a legitimate user.
解决方案
Microsoft released the following patches to resolve this issue:
0day
文章评论