3 matches found
CVE-2010-4334
The IO::Socket::SSL module 1.35 for Perl, when verifymode is not VERIFYNONE, fails open to VERIFYNONE instead of throwing an error when a cafile/capath cannot be verified, which allows remote attackers to bypass intended certificate restrictions...
CVE-2010-4334
The IO::Socket::SSL module 1.35 for Perl, when verifymode is not VERIFYNONE, fails open to VERIFYNONE instead of throwing an error when a cafile/capath cannot be verified, which allows remote attackers to bypass intended certificate restrictions...
Fedora 13 : perl-IO-Socket-SSL-1.37-1.fc13 (2010-19054)
This update fixes a problem whereby IO::Socket::SSL fell back to the 'VERIFYNONE' verification mode if another verification mode was defined but no valid cafile or capath was provided. The updated version throws an error in that situation rather than proceeding with the connection despite being...