CVE-2024-37015

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Aug 13, 2024
Updated: Aug 14, 2024
CWE ID 297

Summary

CVE-2024-37015: Ada Web Server 20.0 contains a vulnerability that allows man-in-the-middle attacks when SSL is enabled. The server fails to properly validate hostnames during SSL/TLS connection establishment to external services, making it susceptible to potential eavesdropping and data interception. This issue is significant as SSL usage is not the default setting, but when enabled, it leaves the server vulnerable to targeted attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share