Lucene search
MitreCVELIST:CVE-2011-0633HistoryOct 03, 2022 - 4:15 p.m.
CVE-2011-0633
2022-10-0316:15:18
mitre
www.cve.org
1
net::https
libwww-perl
ssl certificate
validation
spoofing
mitm attacks
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.
Related
debiancve
debiancve
CVE-2011-0633
2022-10-03 16:15:18
ubuntucve
ubuntucve
CVE-2011-0633
2011-05-13 00:00:00
nessus
nessus
openSUSE Security Update : perl-libwww-perl (openSUSE-SU-2011:0552-1)
2014-06-13 00:00:00
Amazon Linux AMI : perl-libwww-perl (ALAS-2011-17)
2013-09-04 00:00:00
SuSE 11.1 Security Update : perl-libwww-perl (SAT Patch Number 4603)
2011-05-31 00:00:00
amazon
amazon
Medium: perl-libwww-perl
2011-10-31 18:34:00
cve
cve
CVE-2011-0633
2022-10-03 16:15:18
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2011-17)
2015-09-08 00:00:00
Gentoo Security Advisory GLSA 201402-04
2015-09-29 00:00:00
nvd
nvd
CVE-2011-0633
2011-05-13 22:55:01
prion
prion
Design/Logic Flaw
2011-05-13 22:55:00
seebug
seebug
Perl libwww-perl (LWP)模块SSL证书验证安全策略绕过漏洞
2011-05-20 00:00:00
gentoo
gentoo
libwww-perl: Multiple vulnerabilities
2014-02-04 00:00:00