GEN:SID | 1:2243 |
Message | WEB-MISC ndcgi.exe access |
Summary | This event is generated when an attempt is made to access the web CGI application ndcgi.exe.
|
Impact | Session hijacking. Unauthorized access to resources.
|
Detailed Information | Certain versions of the NetDynamics web application give an attacker the opportunity to steal session IDs and hijack user sessions using the information contained in the SPIDERSESSION and uniqueValue variables.
|
Affected Systems | NetDynamics 4.x through 5.x
|
Attack Scenarios | The attacker can gain the information necessary to log in using valid user credentials by reading the information contained in the SPIDERSESSION and uniqueValue variables.
|
Ease of Attack | Simple.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | |
Rule References | cve: 2001-0922
nessus: 11730
|