PT-2001-2076 · Netdynamics · Netdynamics

Published: 2001-11-26
Updated: 2017-12-19
CVE: CVE-2001-0922
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Netdynamics versions 4.x through 5.x

Description

The issue allows remote attackers to steal session IDs and hijack user sessions. This is achieved by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Recommendations

For Netdynamics versions 4.x through 5.x, consider restricting access to the login field to minimize the risk of exploitation. As a temporary workaround, avoid using the SPIDERSESSION and uniqueValue variables in the login process until a patch is available.


Related Identifiers

CVE-2001-0922

Affected Products

Netdynamics