CVE Vulnerabilities

CVE-2001-0922

Published: Nov 26, 2001 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Affected Software

Name Vendor Start Version End Version
Netdynamics Sun 4.0 4.0
Netdynamics Sun 4.1 4.1
Netdynamics Sun 4.1.2 4.1.2
Netdynamics Sun 4.1.3 4.1.3
Netdynamics Sun 5.0 5.0

References