CVE-1999-0910

3 documents3 sources

Severity

5.0MEDIUM

EPSS

19.6%

top 4.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Commercial Internet System Microsoft Site Server Microsoft Site Server Commerce

Timeline

PublishedSep 10

Latest updateApr 30

Description

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmicrosoft/commercial_internet_system2.0, 2.5+1

▶NVDmicrosoft/site_server3.0

▶NVDmicrosoft/site3.0

🔴Vulnerability Details

GHSA

GHSA-mpf6-hxp8-4wqx: Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadverte↗2022-04-30

▶

CVEList

CVE-1999-0910: Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadverte↗2000-02-04

▶