Apr 14, 2009 - 4:26 p.m.

CVE-2008-6722

2009-04-14 16:26:00
CWE-200
web.nvd.nist.gov
novell access manager
x.509
session hijacking
ssl
apache tomcat
security vulnerability

AI Score: 7.2 High (Confidence: Low)

CVSS2: 1.9 Low

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low (Percentile: 53.5%)

Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim’s web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
