Aaron

#50967 of 53,622
4.3 Total CVSS
Vulnerabilities · 1
PT-2011-2511
4.3
2011-05-13
Perl · Libwww-Perl · CVE-2011-0633
**Name of the Vulnerable Software and Affected Versions**

libwww-perl (LWP) versions prior to 6.00

**Description**

The issue allows remote attackers to conduct man-in-the-middle (MITM) attacks by spoofing servers due to inadequate validation of SSL certificates when the If-SSL-Cert-Subject header is not set. This occurs because the Net::HTTPS module does not enable full validation of SSL certificates by default in such environments.

**Recommendations**

For versions prior to 6.00, update to version 6.00 or later to enable full validation of SSL certificates by default. As a temporary workaround, consider configuring the environment to set the If-SSL-Cert-Subject header to ensure proper validation of hostnames.