Fluid Attacks Database

Description

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libapache-session-browseable-perl	>=0 <1.3.7-1	1.3.7-1
debian 12	libapache-session-browseable-perl	>=0 <1.3.7-1	1.3.7-1
debian 13	libapache-session-browseable-perl	>=0 <1.3.7-1	1.3.7-1
debian 14	libapache-session-browseable-perl	>=0 <1.3.7-1	1.3.7-1

Aliases

1. CVE-2020-366592. NVD-2020-366593. OSV-DEBIAN-2020-366594. OSV-2020-366595. SECURITY-TRACKER-CVE-2020-36659

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.