79 matches found
EUVD-2020-24105
Malware in sbrugna...
EUVD-2020-24104
Malware in sbrugna...
[SECURITY] Fedora 42 Update: lemonldap-ng-2.21.3-1.fc42
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
Linux Distros Unpatched Vulnerability : CVE-2020-36659
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the...
CVE-2020-36658
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
[SECURITY] Fedora 41 Update: lemonldap-ng-2.20.1-1.fc41
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 39 Update: lemonldap-ng-2.20.1-1.fc39
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
[SECURITY] Fedora 40 Update: lemonldap-ng-2.20.1-1.fc40
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as...
USN-6596-1 libapache-session-ldap-perl vulnerability
It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked into opening a specially crafted invalid X.509 certificate, a remote attacker could possibly use this issue to perform spoofing and obtain sensitive informati...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Apache::Session::LDAP vulnerability (USN-6596-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6596-1 advisory. It was discovered that Apache::Session::LDAP incorrectly handled invalid X.509 certificates. If a user or an automated system were tricked...
Debian dla-3285 : libapache-session-browseable-perl - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3285 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3285-1 [email protected]...
Debian dla-3284 : libapache-session-ldap-perl - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3284 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3284-1 [email protected]...
[SECURITY] [DLA 3287-1] lemonldap-ng security update
Debian LTS Advisory DLA-3287-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS Package : lemonldap-ng Version : 2.0.2+ds-7+deb10u8 CVE ID : CVE-2020-16093 CVE-2022-37186 Two vulnerabilities were found in lemonldap-ng, an...
[SECURITY] [DLA 3284-1] libapache-session-ldap-perl security update
Debian LTS Advisory DLA-3284-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 28, 2023 https://wiki.debian.org/LTS Package : libapache-session-ldap-perl Version : 0.4-1+deb10u1 CVE ID : CVE-2020-36658 In Apache::Session::LDAP before 0.5, validity of the...
DEBIAN-CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
DEBIAN-CVE-2020-36658
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
UBUNTU-CVE-2020-36658
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
Design/Logic Flaw
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...