CVE-2024-55581

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).

Published: Feb 26, 2025
Updated: May 4, 2025
CVE: CVE-2024-55581
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adacore / ada_web_server	25.0	25.0.x
debian / debian_linux	11.0	11.0.x

https://docs.adacore.com/corp/security-advisories/SEC.AWS-0056-v1.pdf
https://lists.debian.org/debian-lts-announce/2025/03/msg00007.html

Vulnerability Database

289,598

CVE-2024-55581