In Apache::Session::Browseable prior to 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lemonldap-ng apache\\ \\ |
||
debian debian linux 10.0 |