CVE-2001-0922

Published: Nov 26, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Affected (5)

Products: Sun: Netdynamics

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Sun Netdynamics	Version 4.0
Sun Netdynamics	Version 4.1.2
Sun Netdynamics	Version 4.1.3
Sun Netdynamics	Version 4.1
Sun Netdynamics	Version 5.0

References (6)

http://marc.info/?l=bugtraq&m=100681274915525&w=2

Source: cve@mitre.org

http://www.securityfocus.com/bid/3583

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7620

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=100681274915525&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/3583

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/7620

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.