Vulnerability Details CVE-2006-0999
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/19324
- http://securitytracker.com/id?1015799
- http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.osvdb.org/24048
- http://www.securityfocus.com/bid/17176
- http://www.securityfocus.com/bid/64758
- http://www.vupen.com/english/advisories/2006/1043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25382
- http://secunia.com/advisories/19324
- http://securitytracker.com/id?1015799
- http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.osvdb.org/24048
- http://www.securityfocus.com/bid/17176
- http://www.securityfocus.com/bid/64758
- http://www.vupen.com/english/advisories/2006/1043
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25382
Products affected by CVE-2006-0999
-
cpe:2.3:o:novell:netware:6.5
-
cpe:2.3:o:novell:open_enterprise_server:-
-
cpe:2.3:o:novell:open_enterprise_server:1
-
cpe:2.3:o:novell:open_enterprise_server:1.x
-
cpe:2.3:o:novell:open_enterprise_server:11.0
-
cpe:2.3:o:novell:open_enterprise_server:2
-
cpe:2.3:o:novell:open_enterprise_server:2.0.1
-
cpe:2.3:o:novell:open_enterprise_server:2.0.2
-
cpe:2.3:o:novell:open_enterprise_server:2.0.3
-
cpe:2.3:o:novell:open_enterprise_server:9.0