Session Management Flaw in Novell Access Manager 3 SP4
CVE-2008-6722

Currently unrated

Key Information:

Vendor: Novell

CVE Published: 14 April 2009

What is CVE-2008-6722?

The vulnerability in Novell Access Manager 3 SP4 arises from improper expiration of X.509 certificate sessions. This flaw enables attackers who are physically close to the victim to exploit a logged-in session through the victim's web browser process. The browser may continue to send an unexpired and valid SSL sessionID, leading to unauthorized access. The issue is particularly related to the inability of Apache Tomcat to remove entries from its SSL cache, further exacerbating the vulnerability.
