CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.

References

Affected packages

Debian:11 / libapache-session-browseable-perl

Package

Name: libapache-session-browseable-perl
Purl: pkg:deb/debian/libapache-session-browseable-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libapache-session-browseable-perl

Package

Name: libapache-session-browseable-perl
Purl: pkg:deb/debian/libapache-session-browseable-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libapache-session-browseable-perl

Package

Name: libapache-session-browseable-perl
Purl: pkg:deb/debian/libapache-session-browseable-perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/lemonldapng/apache-session-browseable

Affected ranges

Type: GIT
Repo: https://github.com/lemonldapng/apache-session-browseable
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fdf393235140b293cae5578ef136055a78f3574f

Affected versions

0.*

0.7

0.9

1.*

1.0

1.0.1

1.0.2

1.1

1.2

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

v1.*

v1.2.6

v1.2.7

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5