Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2001-0922
Last Modified: 05 Sep 2008 04:25:14
Published: 26 Nov 2001 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2001-0922

Summary

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Vulnerable Systems

Application

  • Sun Netdynamics 4.0

  • Sun Netdynamics 4.1

  • Sun Netdynamics 4.1.2

  • Sun Netdynamics 4.1.3

  • Sun Netdynamics 5.0


References

BID - 3583

XF - netdynamics-session-hijacking(7620)

BUGTRAQ - 20011126 NMRC Advisory - NetDynamics Session ID is Reusable


Last Updated: 27 May 2016 10:36:27