Описание
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...
In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
EPSS
7.5 High
CVSS3