Security Advisory

CVE-2009-3024

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-08-31 20:00:00

Last updated 2024-08-07 06:14:55

Assigner mitre

State PUBLISHED

Description

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

← Browse all CVEs View on cve.org ↗