28 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-37015
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Ada Web Server 20.0. When configured to use SSL which is not the default setting, the SSL/TLS used to establish connections to extern...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
CVE-2025-52494
The CVE-2025-52494 entry describes a DoS flaw in Adacore Ada Web Server (AWS) prior to 25.2: during SSL/TLS handshake, there is no specific timeout and the server waits indefinitely for a malformed TLS ClientHello, tying up a worker thread and allowing exhaustion of threads up to the server’s lim...
AdaCore Ada Web Server 安全漏洞
AdaCore Ada Web Server AdaCore AWS is an Ada library from AdaCore that facilitates the handling of HTTP requests and JSON. It is used to simplify the process of interacting with APIs. A security vulnerability exists in AdaCore Ada Web Server versions prior to 25.2 that stems from improper handlin...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
CVE-2024-37015
An issue was discovered in Ada Web Server 20.0. When configured to use SSL which is not the default setting, the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers...
DEBIAN-CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
UBUNTU-CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
AdaCore Ada Web Server 安全漏洞
AdaCore Ada Web Server AdaCore AWS is an Ada library from AdaCore that facilitates the handling of HTTP requests and JSON. It is used to simplify the process of interacting with APIs. A security vulnerability exists in the AdaCore Ada Web Server version 25.0.0 release, which stems from a lack of...
CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
CVE-2024-55581
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate unless the using program specifies a TLS configuration...
PT-2025-8751 · Adacore +2 · Ada Web Server +3
Name of the Vulnerable Software and Affected Versions: AdaCore Ada Web Server version 25.0.0 Description: The issue concerns a lack of verification of an HTTPS server's certificate in the default behaviour of AWS.Client when linked with GnuTLS, making it vulnerable to a man-in-the-middle attack...
CVE-2024-55581
CVE-2024-55581 affects AdaCore Ada Web Server 25.0.0 when linked with GnuTLS, where AWS.Client defaults do not verify the HTTPS server certificate, enabling MITM attacks if TLS configuration is not explicitly set. Root cause: insecure defaults in AWS.Client with GnuTLS. Impact: potential compromi...
Fedora 41 : aws (2024-7908ee39a9)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7908ee39a9 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...
Ada Web Server 安全漏洞
Ada Web Server AWS is an AdaCore open source complete framework for developing web-based applications in Ada. A security vulnerability exists in Ada Web Server version 20.0, which stems from a vulnerability that allows an attacker to elevate privileges and steal sessions via the RandomString...