CVE-2020-36658
PUBLISHED
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
EPSS 0.19% · 40.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | libapache-session-ldap-perl | 0, 0.4-1 |
| Ubuntu:Pro:16.04:LTS | libapache-session-ldap-perl | 0, 0.4-1 |
| Ubuntu:20.04:LTS | libapache-session-ldap-perl | 0, 0.4-1 |
Timeline
- Jan 27, 2023 CVE Published
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- May 28, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 26, 2023 EPSS Score
- Nov 5, 2023 EPSS Score
- Dec 15, 2023 EPSS Score
- Jan 25, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36658 third-party-advisory
- https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f third-party-advisory
- https://ubuntu.com/security/notices/USN-6596-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36658 third-party-advisory