Filtered by vendor Adacore
Subscriptions
Filtered by product Ada Web Services
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-1035 | 1 Adacore | 1 Ada Web Services | 2024-11-21 | N/A |
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | ||||
CVE-2024-41708 | 1 Adacore | 1 Ada Web Services | 2024-09-26 | 7.5 High |
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. | ||||
CVE-2024-37015 | 1 Adacore | 1 Ada Web Services | 2024-08-14 | 7.4 High |
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers. |
Page 1 of 1.