CVE-2010-4334

2011-01-14T01:00:00
ID CVE-2010-4334
Type cve
Reporter cve@mitre.org
Modified 2011-10-14T02:48:00

Description

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.