CVE-2001-0922
First published: Mon Nov 26 2001(Updated: )
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun Netdynamics | =5.0 | |
| Sun Netdynamics | =4.1.2 | |
| Sun Netdynamics | =4.0 | |
| Sun Netdynamics | =4.1.3 | |
| Sun Netdynamics | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sun
- canonical/sun netdynamics
- version/sun netdynamics/5.0
- version/sun netdynamics/4.1.2
- version/sun netdynamics/4.0
- version/sun netdynamics/4.1.3
- version/sun netdynamics/4.1