In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Apache::session::browsable | Lemonldap-ng | * | 1.3.6 (excluding) |
Libapache-session-browseable-perl | Ubuntu | bionic | * |
Libapache-session-browseable-perl | Ubuntu | trusty | * |
Libapache-session-browseable-perl | Ubuntu | upstream | * |
Libapache-session-browseable-perl | Ubuntu | xenial | * |