CVE-2009-3024

2009-08-31T20:30:00
ID CVE-2009-3024
Type cve
Reporter cve@mitre.org
Modified 2011-01-20T06:35:00

Description

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.