CVE-2020-36658

Summary

CVE	CVE-2020-36658
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-01-27 05:15:00 UTC
Updated	2023-02-06 19:50:00 UTC
Description	In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.

Risk And Classification

Problem Types: CWE-295

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Lemonldap-ng	Apache	\	session\	\	ldap

References

Reference	Source	Link	Tags
Add ldapVerify option for SSL cert validation · LemonLDAPNG/Apache-Session-LDAP@490722b · GitHub	MISC	github.com
[SECURITY] [DLA 3284-1] libapache-session-ldap-perl security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181509 Debian Security Update for libapache-session-ldap-perl (DLA 3284-1)
200064 Ubuntu Security Notification for Apache Vulnerability (USN-6596-1)