Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20572
HistoryMay 20, 2011 - 12:00 a.m.

Perl libwww-perl (LWP)模块SSL证书验证安全策略绕过漏洞

2011-05-2000:00:00
Root
www.seebug.org
19

0.002 Low

EPSS

Percentile

57.4%

JSON

BUGTRAQ ID: 47895
CVE ID: CVE-2011-0633

CPAN(Comprehensive Perl Archive Network)中译为“Perl综合典藏网”,“Perl综合档案网”或者“Perl程序库”。它包含了极多用Perl写成的软件和其文件。

Perl libwww-perl (LWP)模块在SSL证书验证上存在安全策略绕过漏洞,远程攻击者可利用此漏洞执行中间人攻击或伪造受信任服务器。

libwww-perl (LWP) 6.00之前版本中的Net::HTTPS模块(也使用在其他产品中,如WWW::Mechanize, LWP::UserAgent)在没有设置If-SSL-Cert-Subject标头的环境下运行时,默认没有启用对SSL证书的完整验证,可使远程攻击者通过没有正确验证主机名的中间人攻击伪造服务器。

CPAN libwww-perl 5.837
厂商补丁:

CPAN

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.cpan.org

Related

debiancve 1
ubuntucve 1
cve 1
openvas 2
nvd 1
cvelist 1
nessus 7
amazon 1
prion 1
gentoo 1
debiancve
debiancve
CVE-2011-0633
2022-10-03 16:15:18
ubuntucve
ubuntucve
CVE-2011-0633
2011-05-13 00:00:00
cve
cve
CVE-2011-0633
2022-10-03 16:15:18
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2011-17)
2015-09-08 00:00:00
Gentoo Security Advisory GLSA 201402-04
2015-09-29 00:00:00
nvd
nvd
CVE-2011-0633
2011-05-13 22:55:01
cvelist
cvelist
CVE-2011-0633
2022-10-03 16:15:18
nessus
nessus
SuSE 11.1 Security Update : perl-libwww-perl (SAT Patch Number 4603)
2011-05-31 00:00:00
openSUSE Security Update : perl-libwww-perl (openSUSE-SU-2011:0552-1)
2014-06-13 00:00:00
Amazon Linux AMI : perl-libwww-perl (ALAS-2011-17)
2013-09-04 00:00:00
amazon
amazon
Medium: perl-libwww-perl
2011-10-31 18:34:00
prion
prion
Design/Logic Flaw
2011-05-13 22:55:00
gentoo
gentoo
libwww-perl: Multiple vulnerabilities
2014-02-04 00:00:00

0.002 Low

EPSS

Percentile

57.4%

JSON
Related for SSV:20572
debiancve1ubuntucve1cve1openvas2nvd1cvelist1nessus7amazon1prion1gentoo1