PT-2006-2036 · Novell · Novell Open Enterprise Server+2

Published

2006-03-23

Updated

2020-02-24

CVE-2006-0998

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Novell NetWare version 6.5 Novell Open Enterprise Server (OES)

Description The SSL server implementation in NILE.NLM sometimes selects a weak cipher instead of an available stronger cipher. This makes it easier for remote attackers to sniff and decrypt an SSL protected session.

Recommendations For Novell NetWare version 6.5, consider configuring the SSL server to prioritize stronger ciphers. For Novell Open Enterprise Server (OES), restrict the use of weak ciphers in the SSL server implementation until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0998

Affected Products

Nile.Nlm

Novell Netware

Novell Open Enterprise Server

PT-2006-2036 · Novell · Novell Open Enterprise Server+2

CVE-2006-0998

Related Identifiers

Affected Products

References · 10