Lucene search
PRIOn knowledge basePRION:CVE-2020-15719HistoryJul 14, 2020 - 2:15 p.m.
Design/Logic Flaw
2020-07-1414:15:00
PRIOn knowledge base
www.prio-n.com
7
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
| CPE | Name | Operator | Version |
|---|---|---|---|
| policy_auditor | lt | 6.5.1 | |
| openldap | eq | < 2.4.46-10.el8 | |
| leap | eq | 15.1 | |
| leap | eq | 15.2 | |
| blockchain_platform | lt | 21.1.2 | |
| enterprise_linux | eq | 8.0 |
References
lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html
access.redhat.com/errata/RHBA-2019:3674
bugs.openldap.org/show_bug.cgi?id=9266
bugzilla.redhat.com/show_bug.cgi?id=1740070
kc.mcafee.com/corporate/index?page=content&id=SB10365
www.oracle.com/security-alerts/cpuapr2022.html
Related
redhatcve
redhatcve
CVE-2020-15719
2020-07-15 15:37:57
openvas
openvas
openSUSE: Security Advisory for openldap2 (openSUSE-SU-2020:1459-1)
2020-09-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2581-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2020-1872)
2020-08-31 00:00:00
cvelist
cvelist
CVE-2020-15719
2020-07-14 13:47:31
nvd
nvd
CVE-2020-15719
2020-07-14 14:15:17
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.6.0 : openldap (EulerOS-SA-2020-2023)
2020-09-29 00:00:00
EulerOS 2.0 SP8 : openldap (EulerOS-SA-2020-1872)
2020-08-28 00:00:00
SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2020:2581-1)
2020-09-10 00:00:00
suse
suse
Security update for openldap2 (moderate)
2020-09-12 00:00:00
Security update for openldap2 (moderate)
2020-09-19 00:00:00
debiancve
debiancve
CVE-2020-15719
2020-07-14 14:15:17
f5
f5
K000140042: libldap vulnerability CVE-2020-15719
2024-06-18 00:00:00
veracode
veracode
Man-in-the-Middle
2020-07-17 04:48:01
ubuntucve
ubuntucve
CVE-2020-15719
2020-07-14 00:00:00
osv
osv
BIT-openldap-2020-15719
2024-03-06 11:02:33
rosalinux
rosalinux
Advisory ROSA-SA-2024-2372
2024-03-12 12:48:13
cve
cve
CVE-2020-15719
2020-07-14 14:15:17
redhat
redhat
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
avleonov
avleonov