Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
References
Configurations
History
No history.
Information
Published : 2009-04-14 16:26
Updated : 2024-02-28 11:21
NVD link : CVE-2008-6722
Mitre link : CVE-2008-6722
CVE.ORG link : CVE-2008-6722
JSON object : View
Products Affected
novell
- access_manager
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor