Vulnerability Details CVE-2006-0997
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/19324
- http://securitytracker.com/id?1015799
- http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm
- http://www.osvdb.org/24046
- http://www.securityfocus.com/bid/17176
- http://www.vupen.com/english/advisories/2006/1043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25380
- http://secunia.com/advisories/19324
- http://securitytracker.com/id?1015799
- http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm
- http://www.osvdb.org/24046
- http://www.securityfocus.com/bid/17176
- http://www.vupen.com/english/advisories/2006/1043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25380
Products affected by CVE-2006-0997
-
cpe:2.3:o:novell:netware:6.5
-
cpe:2.3:o:novell:open_enterprise_server:-
-
cpe:2.3:o:novell:open_enterprise_server:1
-
cpe:2.3:o:novell:open_enterprise_server:1.x
-
cpe:2.3:o:novell:open_enterprise_server:11.0
-
cpe:2.3:o:novell:open_enterprise_server:2
-
cpe:2.3:o:novell:open_enterprise_server:2.0.1
-
cpe:2.3:o:novell:open_enterprise_server:2.0.2
-
cpe:2.3:o:novell:open_enterprise_server:2.0.3
-
cpe:2.3:o:novell:open_enterprise_server:9.0