Home > Vulnerability Database > CVE-2020-36659

Mend Vulnerability Database

CVE-2020-36659

Good to know:

Date: January 27, 2023

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.

Language: Perl

Severity Score

8.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36659

Url: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f

Url: https://security-tracker.debian.org/tracker/CVE-2020-36659

Url: https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html

Url: https://www.mend.io/vulnerability-database/CVE-2020-36659

Severity Score

8.1

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version v1.3.6

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend Vulnerability Database

We found results for “”

CVE-2020-36659

Good to know:

Date: January 27, 2023

Language: Perl

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?