PT-2009-2191 · Apache · Apache Tomcat

Published: 2009-04-14 · Updated: 2009-04-29 · CVE-2008-6722

CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Novell Access Manager version 3 SP4
Description: The issue stems from improper expiration of X.509 certificate sessions, which allows a physically proximate attacker to obtain a logged-in session. This occurs when the victim's web browser process continues to send the original, still-valid SSL session ID. The problem is compounded by Apache Tomcat's inability to clear entries from its SSL cache.
Recommendations: For Novell Access Manager version 3 SP4, consider restricting access to the SSL cache to minimize the risk of exploitation. As a temporary workaround, restrict the use of X.509 certificate sessions until a proper fix is available.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2008-6722

Affected Products

Apache Tomcat
Novell Access Manager