Описание
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libaws | removed | package |
Примечания
https://docs.adacore.com/corp/security-advisories/SEC.AWS-0056-v1.pdf
Fixed by: https://github.com/AdaCore/aws/commit/3e9df7f8712112d653884610c7518cace6c16e41 (master)
Fixed by: https://github.com/AdaCore/aws/commit/30bccf02675c6022b061481c603f1da501e30572 (v25.1.0)
Followup (test renames): https://github.com/AdaCore/aws/commit/0616c672df44091bec69effd74867ed60d4ea866 (v25.1.0)
EPSS
Связанные уязвимости
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).
EPSS