The libwww-perl LWP::Protocol::https module 6.04 up to and including 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows malicious users to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
lwp\\ \\ protocol\\ |