The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-08-31T20:00:00
Updated: 2024-08-07T06:14:55.277Z
Reserved: 2009-08-31T00:00:00
Link: CVE-2009-3024
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-08-31T20:30:01.093
Modified: 2011-01-20T06:35:32.120
Link: CVE-2009-3024
Redhat