CVE-1999-0910

Published: Sep 10, 1999Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.

Affected (4)

Products: Microsoft: Commercial Internet System, Site Server, Site Server Commerce

Microsoft

3 products

Commercial Internet System

Site Server

Site Server Commerce

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Commercial Internet System	Version 2.0
Microsoft Commercial Internet System	Version 2.5
Microsoft Site Server	Version 3.0
Microsoft Site Server Commerce	Version 3.0 alpha

References (4)

http://www.securityfocus.com/bid/625

Source: cve@mitre.org

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-035

Source: cve@mitre.org

http://www.securityfocus.com/bid/625

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-035

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.