PRIOn knowledge basePRION:CVE-2010-4334

HistoryJan 14, 2011 - 1:00 a.m.

Design/Logic Flaw

2011-01-1401:00:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.

CPENameOperatorVersion
io-socket-ssleq1.35

CPE	Name	Operator	Version
	io-socket-ssl	eq	1.35

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058

cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes

osvdb.org/69626

secunia.com/advisories/42508

secunia.com/advisories/42757

www.mandriva.com/security/advisories?name=MDVSA-2011:092

www.openwall.com/lists/oss-security/2010/12/09/8

www.openwall.com/lists/oss-security/2010/12/24/1

www.securityfocus.com/bid/45189

lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html

6.8 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.7%

JSON

Related for PRION:CVE-2010-4334