[原文]The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.
Novell NetWare NILE.NLM SSL Server Unspecified Weak Encryption Support
Remote / Network Access
Loss of Confidentiality
Novell NetWare and Novell Open Enterprise Server contains a unspecified flaw that may allow a malicious user to use a less secure SSL connection. The issue is triggered because SSL server implementation in NILE.NLM sometimes selects a weak cipher instead of an available stronger cipher. It is possible that the flaw may allow remote attackers to decrypt contents of an SSL protected session resulting in a loss of confidentiality.
Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch NILE65SP5A.EXE to address this vulnerability.