4.3
CVE-2009-3024
- EPSS 1%
- Veröffentlicht 31.08.2009 20:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Io-socket-ssl ≫ Io-socket-ssl Version1.14
Io-socket-ssl ≫ Io-socket-ssl Version1.15
Io-socket-ssl ≫ Io-socket-ssl Version1.16
Io-socket-ssl ≫ Io-socket-ssl Version1.16_1
Io-socket-ssl ≫ Io-socket-ssl Version1.16_2
Io-socket-ssl ≫ Io-socket-ssl Version1.16_3
Io-socket-ssl ≫ Io-socket-ssl Version1.17
Io-socket-ssl ≫ Io-socket-ssl Version1.18
Io-socket-ssl ≫ Io-socket-ssl Version1.19
Io-socket-ssl ≫ Io-socket-ssl Version1.20
Io-socket-ssl ≫ Io-socket-ssl Version1.21
Io-socket-ssl ≫ Io-socket-ssl Version1.22
Io-socket-ssl ≫ Io-socket-ssl Version1.23
Io-socket-ssl ≫ Io-socket-ssl Version1.24
Io-socket-ssl ≫ Io-socket-ssl Version1.25
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1% | 0.581 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.30/Changes
http://secunia.com/advisories/42893
http://www.gentoo.org/security/en/glsa/glsa-201101-06.xml
http://www.openwall.com/lists/oss-security/2009/08/28/1
http://www.openwall.com/lists/oss-security/2009/08/29/1
http://www.openwall.com/lists/oss-security/2009/08/31/4
http://www.vupen.com/english/advisories/2011/0118