Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IO::Socket::SSL模块verify_hostname_of_cert()函数绕过安全限制漏洞
Vulnerability Description
IO::Socket::SSL是一个Perl模块,使用SSL加密数据。 在没有通配符的情况下IO::Socket::SSL模块的verify_hostname_of_cert()函数仅匹配了主机名的前缀。例如,将www.example.org匹配到了www.exam的证书,这允许远程攻击者绕过验证建立错误的信任关系。
CVSS Information
N/A
Vulnerability Type
N/A