Cookie Expiration Flaw in Microsoft Site Server and Commercial Internet System
CVE-1999-0910
Currently unrated
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 10 September 1999
What is CVE-1999-0910?
Microsoft Site Server and Commercial Internet System (MCIS) exhibit a vulnerability due to the lack of a defined expiration for cookies. This oversight enables cached cookies to be retrieved by proxy servers, potentially exposing sensitive user data to unauthorized individuals. Without proper expiration management, a cookie from one user session may be inadvertently used in another session, leading to potential data leaks and risk of unauthorized access.