Perl IO::Socket::SSL 'verify_mode' Security Bypass Vulnerability Network Vulnerability

Summary

The IO::Socket::SSL module for Perl is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to bypass certain security restrictions, which may aid in spoofing attacks. Versions prior to IO::Socket::SSL 1.35 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
http://search.cpan.org/dist/IO-Socket-SSL/
https://www.securityfocus.com/bid/45189

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-4334

CVSS	Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
Adobe Reader Multiple Vulnerabilities - Aug07 (Linux)
Apple Safari Multiple Memory Corruption Vulnerabilities-01 Aug14 (Mac OS X)
AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability
Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability

Take action and discover your vulnerabilities