Cookie Expiration Flaw in Microsoft Site Server and Commercial Internet System
CVE-1999-0910

Currently unrated

Key Information:

Vendor: Microsoft
Status: Site Server; Commercial Internet System; Site Server Commerce
Vendor: CVE Published:; 10 September 1999

What is CVE-1999-0910?

Microsoft Site Server and Commercial Internet System (MCIS) exhibit a vulnerability due to the lack of a defined expiration for cookies. This oversight enables cached cookies to be retrieved by proxy servers, potentially exposing sensitive user data to unauthorized individuals. Without proper expiration management, a cookie from one user session may be inadvertently used in another session, leading to potential data leaks and risk of unauthorized access.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.securityfocus.com/bid/625

vdb-entryx_refsource_BID

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Dec 8, 1999
Vulnerability published
Sep 10, 1999