CVE-2001-0922
First published: Mon Nov 26 2001(Updated: )
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Netdynamics | =5.0 | |
| Sun Netdynamics | =4.1.2 | |
| Sun Netdynamics | =4.0 | |
| Sun Netdynamics | =4.1.3 | |
| Sun Netdynamics | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the risk associated with CVE-2001-0922?
CVE-2001-0922 allows remote attackers to steal session IDs, potentially hijacking user sessions.
Which versions of Sun Netdynamics are impacted by CVE-2001-0922?
CVE-2001-0922 affects Netdynamics versions 4.x and 5.x.
How can I mitigate CVE-2001-0922?
Mitigation for CVE-2001-0922 involves upgrading to a patched version of Netdynamics that addresses this vulnerability.
Can CVE-2001-0922 affect user data privacy?
Yes, CVE-2001-0922 can compromise user privacy by enabling session hijacking.
What security measures should be implemented against CVE-2001-0922?
Implementing secure session management practices can help protect against the risks posed by CVE-2001-0922.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/source
- vendor/sun
- canonical/sun netdynamics
- version/sun netdynamics/5.0
- version/sun netdynamics/4.1.2
- version/sun netdynamics/4.0
- version/sun netdynamics/4.1.3
- version/sun netdynamics/4.1