Lucene search

[email protected]NVD:CVE-2011-0633

HistoryMay 13, 2011 - 10:55 p.m.

CVE-2011-0633

2011-05-1322:55:01

CWE-20

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.4%

JSON

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.

Affected configurations

NVD

Node

gisle_aaslibwww-perlMatch0.01

gisle_aaslibwww-perlMatch0.02

gisle_aaslibwww-perlMatch0.03

gisle_aaslibwww-perlMatch0.04

gisle_aaslibwww-perlMatch5.00

gisle_aaslibwww-perlMatch5.01

gisle_aaslibwww-perlMatch5.02

gisle_aaslibwww-perlMatch5.03

gisle_aaslibwww-perlMatch5.04

gisle_aaslibwww-perlMatch5.05

gisle_aaslibwww-perlMatch5.06

gisle_aaslibwww-perlMatch5.07

gisle_aaslibwww-perlMatch5.08

gisle_aaslibwww-perlMatch5.09

gisle_aaslibwww-perlMatch5.10

gisle_aaslibwww-perlMatch5.11

gisle_aaslibwww-perlMatch5.12

gisle_aaslibwww-perlMatch5.13

gisle_aaslibwww-perlMatch5.14

gisle_aaslibwww-perlMatch5.15

gisle_aaslibwww-perlMatch5.16

gisle_aaslibwww-perlMatch5.17

gisle_aaslibwww-perlMatch5.18

gisle_aaslibwww-perlMatch5.18_03

gisle_aaslibwww-perlMatch5.18_04

gisle_aaslibwww-perlMatch5.18_05

gisle_aaslibwww-perlMatch5.19

gisle_aaslibwww-perlMatch5.20

gisle_aaslibwww-perlMatch5.21

gisle_aaslibwww-perlMatch5.22

gisle_aaslibwww-perlMatch5.30

gisle_aaslibwww-perlMatch5.31

gisle_aaslibwww-perlMatch5.32

gisle_aaslibwww-perlMatch5.33

gisle_aaslibwww-perlMatch5.34

gisle_aaslibwww-perlMatch5.35

gisle_aaslibwww-perlMatch5.36

gisle_aaslibwww-perlMatch5.41

gisle_aaslibwww-perlMatch5.42

gisle_aaslibwww-perlMatch5.43

gisle_aaslibwww-perlMatch5.44

gisle_aaslibwww-perlMatch5.45

gisle_aaslibwww-perlMatch5.46

gisle_aaslibwww-perlMatch5.47

gisle_aaslibwww-perlMatch5.48

gisle_aaslibwww-perlMatch5.49

gisle_aaslibwww-perlMatch5.50

gisle_aaslibwww-perlMatch5.51

gisle_aaslibwww-perlMatch5.52

gisle_aaslibwww-perlMatch5.53

gisle_aaslibwww-perlMatch5.53_90

gisle_aaslibwww-perlMatch5.53_91

gisle_aaslibwww-perlMatch5.53_92

gisle_aaslibwww-perlMatch5.53_93

gisle_aaslibwww-perlMatch5.53_94

gisle_aaslibwww-perlMatch5.53_95

gisle_aaslibwww-perlMatch5.53_96

gisle_aaslibwww-perlMatch5.53_97

gisle_aaslibwww-perlMatch5.60

gisle_aaslibwww-perlMatch5.61

gisle_aaslibwww-perlMatch5.62

gisle_aaslibwww-perlMatch5.63

gisle_aaslibwww-perlMatch5.64

gisle_aaslibwww-perlMatch5.65

gisle_aaslibwww-perlMatch5.66

gisle_aaslibwww-perlMatch5.67

gisle_aaslibwww-perlMatch5.68

gisle_aaslibwww-perlMatch5.69

gisle_aaslibwww-perlMatch5.70

gisle_aaslibwww-perlMatch5.71

gisle_aaslibwww-perlMatch5.72

gisle_aaslibwww-perlMatch5.73

gisle_aaslibwww-perlMatch5.74

gisle_aaslibwww-perlMatch5.75

gisle_aaslibwww-perlMatch5.76

gisle_aaslibwww-perlMatch5.77

gisle_aaslibwww-perlMatch5.78

gisle_aaslibwww-perlMatch5.79

gisle_aaslibwww-perlMatch5.800

gisle_aaslibwww-perlMatch5.801

gisle_aaslibwww-perlMatch5.802

gisle_aaslibwww-perlMatch5.803

gisle_aaslibwww-perlMatch5.804

gisle_aaslibwww-perlMatch5.805

gisle_aaslibwww-perlMatch5.806

gisle_aaslibwww-perlMatch5.807

gisle_aaslibwww-perlMatch5.808

gisle_aaslibwww-perlMatch5.810

gisle_aaslibwww-perlMatch5.811

gisle_aaslibwww-perlMatch5.812

gisle_aaslibwww-perlMatch5.813

gisle_aaslibwww-perlMatch5.814

gisle_aaslibwww-perlMatch5.815

gisle_aaslibwww-perlMatch5.816

gisle_aaslibwww-perlMatch5.817

gisle_aaslibwww-perlMatch5.818

gisle_aaslibwww-perlMatch5.819

gisle_aaslibwww-perlMatch5.820

gisle_aaslibwww-perlMatch5.821

gisle_aaslibwww-perlMatch5.822

gisle_aaslibwww-perlMatch5.823

gisle_aaslibwww-perlMatch5.824

gisle_aaslibwww-perlMatch5.825

gisle_aaslibwww-perlMatch5.826

gisle_aaslibwww-perlMatch5.827

gisle_aaslibwww-perlMatch5.828

gisle_aaslibwww-perlMatch5.829

gisle_aaslibwww-perlMatch5.830

gisle_aaslibwww-perlMatch5.831

gisle_aaslibwww-perlMatch5.832

gisle_aaslibwww-perlMatch5.833

gisle_aaslibwww-perlMatch5.834

gisle_aaslibwww-perlMatch5.836

gisle_aaslibwww-perlMatch5b5

gisle_aaslibwww-perlMatch5b6

gisle_aaslibwww-perlMatch5b7

gisle_aaslibwww-perlMatch5b8

gisle_aaslibwww-perlMatch5b9

gisle_aaslibwww-perlMatch5b10

gisle_aaslibwww-perlMatch5b11

gisle_aaslibwww-perlMatch5b12

gisle_aaslibwww-perlMatch5b13

search.cpanlibwww-perlRange≤5.837

search.cpanlibwww-perlMatch5.40_01

References

cpansearch.perl.org/src/GAAS/libwww-perl-6.02/Changes

vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html

vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.4%

JSON

Related for NVD:CVE-2011-0633

cve1 openvas2 cvelist1 nessus7 debiancve1 ubuntucve1 amazon1 prion1 seebug1 gentoo1