Описание
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Permissions RequiredVendor Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Permissions RequiredVendor Advisory
- Issue TrackingThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
4.2 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
libldap in certain third-party OpenLDAP packages has a certificate-val ...
EPSS
4.2 Medium
CVSS3
4 Medium
CVSS2