4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.0%
The verify_hostname_of_cert function in the certificate checking feature in
IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix
of a hostname when no wildcard is used, which allows remote attackers to
bypass the hostname check for a certificate.
Author | Note |
---|---|
mdeslaur | versions < 1.14 don’t check ssl certs at all |