Back to search
CVE-2010-4334
Published: Jan 14, 2011
Modified: Aug 7, 2024
PUBLISHED
Description
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
42757
third-party-advisory
x_refsource_SECUNIA
FEDORA-2010-19058
vendor-advisory
x_refsource_FEDORA
http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes
x_refsource_CONFIRM
45189
vdb-entry
x_refsource_BID
69626
vdb-entry
x_refsource_OSVDB
FEDORA-2010-19054
vendor-advisory
x_refsource_FEDORA
[oss-security] 20101224 IO::Socket::SSL perl module: CVE-2010-4501/CVE-2010-4334 dupe
mailing-list
x_refsource_MLIST
42508
third-party-advisory
x_refsource_SECUNIA
MDVSA-2011:092
vendor-advisory
x_refsource_MANDRIVA
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now