ID CVE-2006-0999
Summary The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
References
Vulnerable Configurations
  • cpe:2.3:o:novell:open_enterprise_server:*:*:*:*:*:*:*:*
    cpe:2.3:o:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:sp2:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:sp2:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:sp3:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:sp3:*:*:*:*:*:*
  • cpe:2.3:o:novell:netware:6.5:sp4:*:*:*:*:*:*
    cpe:2.3:o:novell:netware:6.5:sp4:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-02-2020 - 14:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid
  • 17176
  • 64758
confirm
osvdb 24048
sectrack 1015799
secunia 19324
vupen ADV-2006-1043
xf netware-nile-forced-weak-encryption(25382)
Last major update 24-02-2020 - 14:15
Published 23-03-2006 - 11:06
Last modified 24-02-2020 - 14:15
Back to Top