Authorization Bypass

perl-lwp-protocol-https is vulnerable to Authorization Bypasses. This vulnerability exists due to a flaw in the way the LWP::Protocol::https module handles certain environment variables. A remote attacker can exploit this vulnerability to disable certificate validation, which could allow them to...

new packages: perl-LWP-Protocol-https

An update is available for perl-LWP-Protocol-https. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

Mageia: Security Advisory (MGASA-2014-0257)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...

CVE-2014-3230

CVE-2014-3230 affects the libwww-perl LWP::Protocol::https module (versions 6.04–6.06) when using IO::Socket::SSL as the SSL socket class. The underlying issue is that server certificate validation can be disabled via the HTTPS_CA_DIR or HTTPS_CA_FILE environment variables. Impact described in th...

Ubuntu 14.04 LTS : LWP::Protocol::https vulnerability (USN-2292-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2292-1 advisory. It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was...

openSUSE Security Update : perl-LWP-Protocol-https (openSUSE-SU-2014:0710-1)

perl-LWP-Protocol-https was updated to prevent a possible MITM if the environment variables HTTPSCADIR or HTTPSCAFILE were set CVE-2014-3230. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Updated perl-LWP-Protocol-https package fixes CVE-2014-3230

Updated perl-LWP-Protocol-https package fixes security vulnerability: It was reported that libwww-perl LWP, when using IO::Socket::SSL the default and when the HTTPSCADIR or HTTPSCAFILE environment variables were set, would disable server certificate verification, when the intent was to only...

Fedora Update for perl-LWP-Protocol-https FEDORA-2014-6303

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 19 : perl-LWP-Protocol-https-6.04-2.fc19 (2014-6369)

This release fixes a server certification validation when a certificate authority is defined by HTTPSCADIR or HTTPSCAFILE environement variable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

[SECURITY] Fedora 19 Update: perl-LWP-Protocol-https-6.04-2.fc19

The LWP::Protocol::https module provides support for using HTTPS schemed URLs with LWP. This module is a plug-in to the LWP protocol handling, so you don't use it directly. Once the module is installed LWP is able to access sites using HTTP over SSL/TLS...

Fedora 20 : perl-LWP-Protocol-https-6.04-4.fc20 (2014-6303)

This release fixes a server certification validation when a certificate authority is defined by HTTPSCADIR or HTTPSCAFILE environement variable. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

[SECURITY] Fedora 20 Update: perl-LWP-Protocol-https-6.04-4.fc20

The LWP::Protocol::https module provides support for using HTTPS schemed URLs with LWP. This module is a plug-in to the LWP protocol handling, so you don't use it directly. Once the module is installed LWP is able to access sites using HTTP over SSL/TLS...

CVE-2014-3230

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the 1 HTTPSCADIR or 2 HTTPSCAFILE environment variable...