Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6722


Vulnerability Score 1.9 1.9
CVE Id CVE-2008-6722
Last Modified 29 Apr 2009 01:27:24
Published 14 Apr 2009 12:26:56
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE



Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.

Vulnerable Systems


  • Novell Access Manager 3


VUPEN - ADV-2008-3012

BID - 32121


SECUNIA - 32554

OSVDB - 49737

Last Updated: 27 May 2016 10:49:18