CVSS: 1.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-6722
https://notcve.org/view.php?id=CVE-2008-6722
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache. Novell Access Manager v3 SP4 no expira adecuadamente sesiones certificadas X.509, lo cual permite a atacantes físicamente próximos obtener una sesión validada utilizando un proceso del navegador web de la víctima que continúa enviando el sessionID SSL original y válido, relacionado con la incapacidad de Apache Tomcat de limpiar entradas de la caché de SSL. • http://osvdb.org/49737 http://secunia.com/advisories/32554 http://www.novell.com/support/viewContent.do?externalId=7001788 http://www.securityfocus.com/bid/32121 http://www.vupen.com/english/advisories/2008/3012 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-3570
https://notcve.org/view.php?id=CVE-2007-3570
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. Linux Access Gateway en Novell Access Manager anterior a 3.0 SP1 Release Candidate 1 (RC1) permite a atacantes remotos evitar controles no especificados de seguridad mediante información Fullwidth/Halfwidth codificada en Unicode en una petición POST de HTTP. • http://www.novell.com/documentation/novellaccessmanager/readme/accessmanager_readme.html#ban5hsz http://www.vupen.com/english/advisories/2007/2390 http://www.vupen.com/english/advisories/2007/3075 https://secure-support.novell.com/KanisaPlatform/Publishing/539/3193302_f.SAL_Public.html •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1309
https://notcve.org/view.php?id=CVE-2007-1309
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. Novell Access Management 3 SSLVPN Server permite a usuarios remotos autenticados evitar las restricciones VPN poniendo policy.txt como sólo lectura, desconectando, y modificando manualmente el policy.txt. • http://osvdb.org/33841 http://secunia.com/advisories/24369 http://www.securitytracker.com/id?1017722 http://www.vupen.com/english/advisories/2007/0800 https://secure-support.novell.com/KanisaPlatform/Publishing/648/3429077_f.SAL_Public.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 1CVE-2007-0110 – Novell Access Manager 3 Identity Server - 'IssueInstant' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-0110
Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en nidp/idff/sso en Novell Access Manager Identity Server anterior a 3.0.0-1013 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro IssueInstant, que no se maneja adecuadamente en el mensaje de error resultante. • https://www.exploit-db.com/exploits/29400 http://osvdb.org/31359 http://secunia.com/advisories/23654 http://securitytracker.com/id?1017483 http://www.securityfocus.com/bid/21921 http://www.vupen.com/english/advisories/2007/0073 https://secure-support.novell.com/KanisaPlatform/Publishing/143/3615264_f.SAL_Public.html •
CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •