CVE-2013-2770

Name of the Vulnerable Software and Affected Versions Novell Open Enterprise Server (OES) versions prior to 2.8

Description The issue concerns the installation functionality in the Novell Kanaka component, which fails to verify the server's X.509 certificate during an SSL session. This allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.

Recommendations For versions prior to 2.8, update to version 2.8 or later to resolve the issue. As a temporary workaround, consider disabling SSL sessions until a patch is available. Restrict access to the Novell Kanaka component to minimize the risk of exploitation.