Vulnerabilities (CVE)

Filtered by vendor Lemonldap-ng Subscribe
Filtered by product Apache\
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36659 2 Debian, Lemonldap-ng 2 Debian Linux, Apache\ 2024-11-21 N/A 8.1 HIGH
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
CVE-2020-36658 2 Debian, Lemonldap-ng 2 Debian Linux, Apache\ 2024-11-21 N/A 8.1 HIGH
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.