CVE-2009-3024

2009-08-31T16:30:01
ID CVE-2009-3024
Type cve
Reporter NVD
Modified 2011-01-20T01:35:32

Description

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.