Lucene search

K

RedhatCVELIST:CVE-2010-4334

HistoryJan 14, 2011 - 12:00 a.m.

CVE-2010-4334

2011-01-1400:00:00

redhat

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.3%

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058

cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes

lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html

osvdb.org/69626

secunia.com/advisories/42508

secunia.com/advisories/42757

www.mandriva.com/security/advisories?name=MDVSA-2011:092

www.openwall.com/lists/oss-security/2010/12/09/8

www.openwall.com/lists/oss-security/2010/12/24/1

www.securityfocus.com/bid/45189

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.3%

Related for CVELIST:CVE-2010-4334

openvas8 nessus4 debiancve1 nvd2 cve2 fedora2 securityvulns2 ubuntucve1 prion2