Ada Web Services Security Vulnerabilities and Issues — Ada Web Services CVE List

Lucene search

AdacoreAda Web Services

3 matches found

CVE•added 2024/09/25 5:15 p.m.•44 views

CVE-2024-41708

An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.

7.5CVSS7.2AI score0.00165EPSS

CVE•added 2012/02/08 9:55 p.m.•39 views

CVE-2012-1035

AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

5CVSS6.8AI score0.00556EPSS

CVE•added 2024/08/13 5:15 p.m.•37 views

CVE-2024-37015

An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.

7.4CVSS6.8AI score0.00088EPSS