CVE-2020-36659
PUBLISHED
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
EPSS 0.31% · 54.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | libapache-session-browseable-perl | 1.3.4-1, 1.3.3-1, 1.3.5-1 |
| Ubuntu:18.04:LTS | libapache-session-browseable-perl | 1.2.8-1, 0, 1.2.2-1 |
| Ubuntu:16.04:LTS | libapache-session-browseable-perl | 0, 1.1-1, 1.0.2-2 |
Timeline
- Jan 27, 2023 CVE Published
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- May 28, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 26, 2023 EPSS Score
- Nov 5, 2023 EPSS Score
- Dec 15, 2023 EPSS Score
- Jan 25, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-36659 third-party-advisory
- https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-36659 third-party-advisory