Filtered by vendor Io-socket-ssl
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4334 | 1 Io-socket-ssl | 1 Io-socket-ssl | 2011-10-13 | 4.0 MEDIUM | N/A |
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions. | |||||
CVE-2009-3024 | 1 Io-socket-ssl | 1 Io-socket-ssl | 2011-01-19 | 4.3 MEDIUM | N/A |
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate. |