Vulnerability Description
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Netdynamics | 4.0 |
References
- http://marc.info/?l=bugtraq&m=100681274915525&w=2
- http://www.securityfocus.com/bid/3583PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7620
- http://marc.info/?l=bugtraq&m=100681274915525&w=2
- http://www.securityfocus.com/bid/3583PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7620
FAQ
What is CVE-2001-0922?
CVE-2001-0922 is a vulnerability with a CVSS score of 7.5 (HIGH). ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables fr...
How severe is CVE-2001-0922?
CVE-2001-0922 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0922?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Netdynamics.