Unrated severityNVD Advisory· Published Apr 14, 2009· Updated Jun 16, 2026
CVE-2008-6722
CVE-2008-6722
Description
Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:novell:access_manager:3:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:novell:access_manager:3:sp4:*:*:*:*:*:*
- (no CPE)range: 3 SP4
Patches
Vulnerability mechanics
References
5- secunia.com/advisories/32554nvdVendor Advisory
- www.vupen.com/english/advisories/2008/3012nvdVendor Advisory
- osvdb.org/49737nvd
- www.novell.com/support/viewContent.donvd
- www.securityfocus.com/bid/32121nvd
News mentions
0No linked articles in our index yet.