CVE-2024-37015

Name of the Vulnerable Software and Affected Versions Ada Web Server version 20.0

Description An issue was discovered in Ada Web Server when configured to use SSL, which is not the default setting. The SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.

Recommendations For Ada Web Server version 20.0, consider disabling SSL/TLS connections to external services until a patch is available. As a temporary workaround, restrict the use of SSL/TLS connections to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.