CVE-2024-37015

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-297
View all →

Vulnerability Description

An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.

Related Vulnerabilities

CVE-2017-2912

HIGH
CVSS:7.4(High)

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept...

CWE-2972017

CVE-2020-14387

HIGH
CVSS:7.4(High)

A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing ...

CWE-2972020

CVE-2022-27890

HIGH
CVSS:7.4(High)

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position ...

CWE-2972022

CVE-2023-5909

HIGH
CVSS:7.5(High)

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

CWE-2972023

CVE-2024-34447

HIGH
CVSS:7.5(High)

An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happ...

CWE-2972024

CVE-2020-15260

MEDIUM
CVSS:6.8(Medium)

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJ...

CWE-2972020