CVE-2001-0922
Netdynamics 4.x-5.x - Session Hijacking via SPIDERSESSION and uniqueValue Variables
Title source: llmDescription
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
References (3)
Core 3
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3583
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100681274915525&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7620
Scores
EPSS
0.0072
EPSS Percentile
72.6%
Details
Status
published
Products (5)
sun/netdynamics
4.0
sun/netdynamics
4.1
sun/netdynamics
4.1.2
sun/netdynamics
4.1.3
sun/netdynamics
5.0
Published
Nov 26, 2001
Tracked Since
Feb 18, 2026