PT-2014-5152 · Perl+1 · Libwww-Perl+1

Published: 2014-05-07 · Updated: 2024-06-15 · CVE-2014-3230

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

libwww-perl LWP::Protocol::https module versions 6.04 through 6.06

Description

The issue allows attackers to disable server certificate validation via the HTTPS_CA_DIR or HTTPS_CA_FILE environment variable when using IO::Socket::SSL as the SSL socket class.

Recommendations

For versions 6.04 through 6.06, consider disabling the use of the HTTPS_CA_DIR and HTTPS_CA_FILE environment variables, so that they cannot be used to disable server certificate validation, until a patch is available. Restrict access to the environment variables to minimize the risk of exploitation.

Exploit

Fix

Improper Certificate Validation

Weakness Enumeration

Related identifiers

CVE-2014-3230
MGASA-2014-0257
OPENSUSE-SU-2024:10239-1
USN-2292-1

Affected products

Ubuntu
Libwww-Perl