On 12/6/24 19:45, Björn Persson via Ada wrote:
> Anyone who uses the client-side HTTPS functionality of the Ada Web
> Server library needs to know about CVE-2024-37015. HTTPS requests made
> with AWS.Client are vulnerable to monster-in-the-middle attacks.
>
> Here's the announcement from Adacore:
> https://docs.adacore.com/corp/security-advisories/SEC.AWS-0031-v2.pdf
Wow, that's not a rocket-science-kind-of a vulnerability but rather a
really bad implementation of TLS! Quite a surprise to see this in one of
the official libraries from AdaCore!
Thanks for the heads-up!
--
Vratislav
--
_______________________________________________
Ada mailing list -- ada@lists.fedoraproject.org
To unsubscribe send an email to ada-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/ada@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment