CVE-2020-36658

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:lemonldap-ng:apache\:\:session\:\:ldap:*:*:*:*:*:perl:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Information

Published : 2023-01-26 21:15

Updated : 2023-02-06 11:50


NVD link : CVE-2020-36658

Mitre link : CVE-2020-36658


JSON object : View

CWE
CWE-295

Improper Certificate Validation

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

lemonldap-ng

  • apache\