VYPR
Unrated severityNVD Advisory· Published Apr 14, 2009· Updated Jun 16, 2026

CVE-2008-6722

CVE-2008-6722

Description

Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:novell:access_manager:3:sp4:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:novell:access_manager:3:sp4:*:*:*:*:*:*
    • (no CPE)range: 3 SP4
  • Apache/Tomcatllm-fuzzy

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.

CVE-2008-6722 · VYPR