Description
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2023-21968 Vulnerability (CVE-2023-21968)
PHP Other Vulnerability (CVE-2007-1717)
WordPress Plugin Multicons [Multiple Favicons] Cross-Site Scripting (2.1)
WordPress Plugin Quick Page/Post Redirect Security Bypass (5.1.9)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Request Forgery (3.0.6)