Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6722

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2008-6722
Last Modified 29 Apr 2009 01:27:24
Published 14 Apr 2009 12:26:56
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6722

Summary

Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.

Vulnerable Systems

Application

  • Novell Access Manager 3


References

VUPEN - ADV-2008-3012

BID - 32121

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=7001788

SECUNIA - 32554

OSVDB - 49737


Last Updated: 27 May 2016 10:49:18