CVE-2009-3024

Metadata

CVE-2009-3024
4.3
cpansearch.perl.org, lists.opensuse.org, gentoo.org, openwall.com, openwall.com, openwall.com, vupen.com
2009-08-31
2017-06-06 20:20

Description

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

Related Vulnerabilities

platform vulnerability
CVE-2009-3024 libio-socket-ssl-perl
CVE-2009-3024