Description
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
References
- Patch, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:sun:netdynamics:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:netdynamics:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:netdynamics:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:netdynamics:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:netdynamics:5.0:*:*:*:*:*:*:*
EPSS
Percentile: 72%
0.00717
Low
7.5 High
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.