The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 up to and including 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote malicious users to bypass the hostname check for a certificate.
Vulnerable Product |
---|
io-socket-ssl io-socket-ssl 1.15 |
io-socket-ssl io-socket-ssl 1.16 |
io-socket-ssl io-socket-ssl 1.20 |
io-socket-ssl io-socket-ssl 1.21 |
io-socket-ssl io-socket-ssl 1.16_3 |
io-socket-ssl io-socket-ssl 1.17 |
io-socket-ssl io-socket-ssl 1.24 |
io-socket-ssl io-socket-ssl 1.25 |
io-socket-ssl io-socket-ssl 1.16_1 |
io-socket-ssl io-socket-ssl 1.16_2 |
io-socket-ssl io-socket-ssl 1.22 |
io-socket-ssl io-socket-ssl 1.23 |
io-socket-ssl io-socket-ssl 1.14 |
io-socket-ssl io-socket-ssl 1.18 |
io-socket-ssl io-socket-ssl 1.19 |