CVE-2024-37015
CVSS 3.1 Score 7.4 of 10 (high)
Details
Published Aug 13, 2024
Updated: Aug 14, 2024
CWE ID 297
Summary
CVE-2024-37015: Ada Web Server 20.0 contains a vulnerability that allows man-in-the-middle attacks when SSL is enabled. The server fails to properly validate hostnames during SSL/TLS connection establishment to external services, making it susceptible to potential eavesdropping and data interception. This issue is significant as SSL usage is not the default setting, but when enabled, it leaves the server vulnerable to targeted attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Ada Web Server