CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Sep 2024 — An issue discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf • CWE-330: Use of Insufficiently Random Values

CVSS: 7.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Aug 2024 — An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers. • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0031-v2.pdf • CWE-297: Improper Validation of Certificate with Host Mismatch

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Feb 2012 — AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. • http://archives.neohapsis.com/archives/bugtraq/2012-01/0169.html • CWE-20: Improper Input Validation