VID | 210156
Severity | 40
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
The web server on the host system is vulnerable to cookie spoofing. A cookie is a small piece of data sent from a website and stored in a user's web browser. Attackers can obtain another user's valid session or important information by modifying the cookie's contents. Because the web server uses unprotected cookies, an attacker can impersonate other users or gain an elevated privilege role in the session by using the cookie.
* Platforms Affected: Any HTTP server (any version), any operating system (any version)
Recommendation |
Take the following steps: Use a server-side session instead of the vulnerable cookie.
Related URL | (CVE)
Related URL | (SecurityFocus)
Related URL | (ISS)
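The recommendation above, shown as an added example that is not part of the original advisory: a handler that trusts user and role values stored in the cookie, next to a server-side session where the cookie carries only an opaque random identifier. The cookie names (`user`, `role`, `sid`), the function names and the in-memory `SESSIONS` table are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed sample store: session state lives on the server, keyed by an opaque ID.
SESSIONS = {}

def parse_cookie(header):
    """Return a Cookie header as a plain dict of name -> value."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}

def role_from_cookie_unprotected(header):
    """Weak pattern: identity and role are read straight from client-controlled data."""
    c = parse_cookie(header)
    return c.get("user"), c.get("role", "guest")

def login(user, role):
    """Hardened pattern: the client receives only a random session ID."""
    sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"user": user, "role": role}
    return f"sid={sid}"

def role_from_session(header):
    """Resolve the ID server-side; unknown or altered IDs map to no session."""
    sid = parse_cookie(header).get("sid", "")
    sess = SESSIONS.get(sid)
    if sess is None:
        return None, "guest"
    return sess["user"], sess["role"]

def logout(header):
    """Invalidate the session on the server so the old cookie stops working."""
    SESSIONS.pop(parse_cookie(header).get("sid", ""), None)

if __name__ == "__main__":
    # The unprotected handler accepts whatever the cookie claims.
    print(role_from_cookie_unprotected("user=alice; role=admin"))
    cookie = login("alice", "user")
    print(role_from_session(cookie))
    # Extra client-supplied fields are ignored; the role comes from the server.
    print(role_from_session(cookie + "; role=admin"))
    # An ID the server never issued yields no session.
    print(role_from_session("sid=not-issued-by-server"))
```

In a deployment the session cookie would also be sent with the `Secure` and `HttpOnly` attributes and the store would expire idle sessions.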