Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-04-14T16:00:00
Updated: 2009-04-29T09:00:00
Reserved: 2009-04-14T00:00:00
Link: CVE-2008-6722
JSON object: View
NVD Information
Status : Modified
Published: 2009-04-14T16:26:56.077
Modified: 2009-04-29T05:27:24.030
Link: CVE-2008-6722
JSON object: View
Redhat Information
No data.
CWE