Microsoft IIS 5.0 Session ID Cookie Marking Vulnerability Patch
 

Microsoft IIS 5.0 Session ID Cookie Marking Vulnerability Patch vQ274149 eliminates a security vulnerability in Microsoft Internet Information Server which could allow a malicious user to steal a user's secure Web session under a very restricted set of circumstances.



Internet Information Server (IIS) supports the use of a session ID cookie to track the current session identifier for a Web session. However, ASP pages in IIS do not support the creation of secure session ID cookies as defined in RFC 2109. As a result, secure and non-secure pages on the same Web site use the same session ID.

If a user initiates a session with a secure Web page, a session ID cookie is generated and sent to the user, protected by SSL (Secure Sockets Layer). But if the user subsequently visits a non-secure page on the same site, the same session ID cookie is exchanged, but this time in plain text.

Any malicious user who has complete control over the communications channel could read the plain text session ID cookie, use it to connect to the user's session with the secure page, and take any action on the secure page that is available to the user.

The conditions under which this vulnerability could be exploited are rather daunting. The malicious user would need to have complete control over the other user’s communications with the Web site. Even then, the malicious user could not make the initial connection to the secure page.

The patch eliminates the vulnerability by adding support for secure session ID cookies in ASP pages.
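The check below is an added example, not part of the original page or of Microsoft's patch. It audits Set-Cookie values issued by an HTTPS page for session cookies that lack the Secure attribute and models which cookies a client would then attach to a plain HTTP request. The cookie name pattern, the function names and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: classic ASP session cookies are named ASPSESSIONID<suffix>.
SESSION_COOKIE = re.compile(r"^ASPSESSIONID\w*$", re.IGNORECASE)

def parse_set_cookie(raw):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    parts = [p.strip() for p in raw.split(";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def unmarked_session_cookies(scheme, set_cookie_values):
    """Names of session cookies issued over HTTPS without the Secure attribute."""
    findings = []
    for raw in set_cookie_values:
        parsed = parse_set_cookie(raw)
        if parsed is None:
            continue
        name, _, attrs = parsed
        if scheme == "https" and SESSION_COOKIE.match(name) and "secure" not in attrs:
            findings.append(name)
    return findings

def sent_with_request(scheme, set_cookie_values):
    """Cookie names a client would attach to a later request using `scheme`."""
    sent = []
    for raw in set_cookie_values:
        parsed = parse_set_cookie(raw)
        if parsed and (scheme == "https" or "secure" not in parsed[2]):
            sent.append(parsed[0])
    return sent

# Constructed sample headers (not captured from a real server).
UNPATCHED = ["ASPSESSIONIDQQABCDEF=KJHGFDSAPOIUYTREWQ; path=/"]
PATCHED = ["ASPSESSIONIDQQABCDEF=KJHGFDSAPOIUYTREWQ; path=/; secure"]

if __name__ == "__main__":
    for label, headers in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, "flagged:", unmarked_session_cookies("https", headers),
              "sent over http:", sent_with_request("http", headers))
```
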

Conclusion

To conclude, Microsoft IIS 5.0 Session ID Cookie Marking Vulnerability Patch works on the Windows 2000 operating system and can be downloaded using the download link below under a Freeware license. The download file is only 513 KB in size.
Microsoft IIS 5.0 Session ID Cookie Marking Vulnerability Patch was filed under the Servers category, was reviewed on softlookup.com, and received a score of 4.5/5.
Microsoft IIS 5.0 Session ID Cookie Marking Vulnerability Patch has been tested by our team against viruses, spyware, adware, trojans and backdoors and was found to be 100% clean. We will recheck it when it is updated to ensure that it remains clean.


Popularity 9/10 - Downloads - 228 - Score - 4.5/5




Category: Servers 
Publisher: Microsoft Corporation
Last Updated: 01/14/2019
Requirements: Not specified
License: Freeware
Operating system: Windows 2000
Hits: 451
File size: 513 KB
Price: Not specified

