Lucene search

K

[email protected]NVD:CVE-2010-4334

HistoryJan 14, 2011 - 1:00 a.m.

CVE-2010-4334

2011-01-1401:00:03

CWE-310

[email protected]

web.nvd.nist.gov

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.4%

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

Affected configurations

NVD

Node

io-socket-sslio-socket-sslMatch1.35

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058

cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes

lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html

osvdb.org/69626

secunia.com/advisories/42508

secunia.com/advisories/42757

www.mandriva.com/security/advisories?name=MDVSA-2011:092

www.openwall.com/lists/oss-security/2010/12/09/8

www.openwall.com/lists/oss-security/2010/12/24/1

www.securityfocus.com/bid/45189

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.4%

Related for NVD:CVE-2010-4334

openvas8 prion2 nessus4 cve2 fedora2 ubuntucve1 securityvulns2 cvelist1 debiancve1 nvd1