Описание
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | |
| esm-apps/bionic | released | 0.4-1ubuntu0.18.04.1~esm1 |
| esm-apps/focal | released | 0.4-1+deb10u1build0.20.04.1 |
| esm-apps/jammy | not-affected | 0.5-1 |
| esm-apps/xenial | released | 0.4-1ubuntu0.16.04.1~esm1 |
| focal | released | 0.4-1+deb10u1build0.20.04.1 |
| jammy | not-affected | 0.5-1 |
| kinetic | not-affected | |
| lunar | not-affected |
Показывать по
8.1 High
CVSS3
Связанные уязвимости
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate ...
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
8.1 High
CVSS3