PT-2023-12674 · Johnson Controls · Johnson Controls System Configuration Tool

Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3 Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3 Description: The issue allows access to a sensitive cookie in an HTTPS session due to the la...

CVE-2000-0970

CVE-2000-0970 affects IIS 4.0 and 5.0 where ASP pages send the same Session ID cookie for secure and insecure sessions, enabling potential remote hijacking of a user’s secure session if they transition to insecure web traffic. The root cause is cookie marking across session contexts, leading to p...