发布时间 :2001-11-26 00:00:00
修订时间 :2017-12-18 21:29:28

[原文]ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

[CNNVD]Sun NetDynamics会话ID劫持漏洞(CNNVD-200111-037)

        Netdynamics 4.x至5.x版及其可能早期版本的ndcgi.exe存在漏洞。远程攻击可以通过读取登录字段的SPIDERSESSION和uniqueValue变量盗取会话IDs并劫持用户会话,然后在下次用户登录时使用这些变量。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:sun:netdynamics:4.0Sun NetDynamics 4.0
cpe:/a:sun:netdynamics:4.1Sun NetDynamics 4.1
cpe:/a:sun:netdynamics:4.1.2Sun NetDynamics 4.1.2
cpe:/a:sun:netdynamics:4.1.3Sun NetDynamics 4.1.3
cpe:/a:sun:netdynamics:5.0Sun NetDynamics 5.0

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20011126 NMRC Advisory - NetDynamics Session ID is Reusable
(UNKNOWN)  XF  netdynamics-session-hijacking(7620)

- 漏洞信息

Sun NetDynamics会话ID劫持漏洞
高危 设计错误
2001-11-26 00:00:00 2005-10-20 00:00:00
        Netdynamics 4.x至5.x版及其可能早期版本的ndcgi.exe存在漏洞。远程攻击可以通过读取登录字段的SPIDERSESSION和uniqueValue变量盗取会话IDs并劫持用户会话,然后在下次用户登录时使用这些变量。

- 公告与补丁

        Phuzzy L0gic [] suggests that not allowing multiple logins from the same domain may help detect this attack.

- 漏洞信息

Netdynamics ndcgi.exe Previous User Session Replay
Remote / Network Access Authentication Management
Loss of Integrity Solution Unknown

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-11-26 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Sun NetDynamics Session ID Hijacking Vulnerability
Design Error 3583
Yes No
2001-11-26 12:00:00 2009-07-11 09:06:00
Discovered by Phuzzy L0gic [] and published in an NMRC Advisory on November 26, 2001.

- 受影响的程序版本

Sun NetDynamics 5.0
Sun NetDynamics 4.1.3
Sun NetDynamics 4.1.2
Sun NetDynamics 4.1
Sun NetDynamics 4.0

- 漏洞讨论

NetDynamics is an application server platform designed to provide a comprehensive solution for enterprise level portal applications.

When a user attempts to authenticate to NetDynamics, they are given a session id, and a random unique identifier. When a subsequent user authenticates successfully, these values may be used for a brief period of time to execute a command as that subsequent user.

An attacker with knowledge of the NetDynamics command structure may be able to hijack that user account, gaining full control over it.

It is possible that earlier versions of NetDynamics are also vulnerable.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 解决方案

Phuzzy L0gic [] suggests that not allowing multiple logins from the same domain may help detect this attack.

- 相关参考