| Vulnerability Name: | CVE-2006-0997 (CCN-25380) | ||||||||
| Assigned: | 2006-03-03 | ||||||||
| Published: | 2006-03-03 | ||||||||
| Updated: | 2020-02-24 | ||||||||
| Summary: | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-0997 Source: CCN Type: SA19324 Novell NetWare NILE.NLM SSL Negotiation Vulnerabilities Source: SECUNIA Type: UNKNOWN 19324 Source: CCN Type: SECTRACK ID: 1015799 NetWare NILE.NLM May Use a Weak Encryption Algorithm or Cleartext via the SSL Port Source: SECTRACK Type: UNKNOWN 1015799 Source: CCN Type: Novell Technical Information Document TID10100633 SSL Allows the use of Weak Ciphers Source: CONFIRM Type: UNKNOWN http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm Source: OSVDB Type: UNKNOWN 24046 Source: CCN Type: OSVDB ID: 24046 Novell NetWare NILE.NLM SSL Server Cleartext Communication Disclosure Source: BID Type: UNKNOWN 17176 Source: CCN Type: BID-17176 Novell SSL Server Multiple Vulnerabilities Source: VUPEN Type: UNKNOWN ADV-2006-1043 Source: XF Type: UNKNOWN netware-nile-ssl-cleartext(25380) Source: XF Type: UNKNOWN netware-nile-ssl-cleartext(25380) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||