CVE-2011-0633

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cpansearch.perl.org/src/GAAS/libwww-perl-6.02/Changes
http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html
http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html
http://cpansearch.perl.org/src/GAAS/libwww-perl-6.02/Changes
http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html
http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gisle_aas:libwww-perl:0.01:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:0.02:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:0.03:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:0.04:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.00:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.01:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.02:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.03:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.04:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.05:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.06:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.07:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.08:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.09:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.10:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.11:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.12:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.13:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.14:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.15:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.16:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.17:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.18:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.18_03:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.18_04:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.18_05:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.19:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.20:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.21:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.22:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.30:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.31:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.32:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.33:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.34:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.35:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.36:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.41:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.42:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.43:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.44:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.45:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.46:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.47:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.48:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.49:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.50:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.51:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.52:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_90:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_91:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_92:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_93:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_94:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_95:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_96:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.53_97:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.60:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.61:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.62:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.63:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.64:::::::*
	cpe:2.3:a:gisle_aas:libwww-perl:5.65:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.66:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.67:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.68:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.69:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.70:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.71:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.72:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.73:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.74:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.75:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.76:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.77:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.78:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.79:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.800:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.801:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.802:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.803:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.804:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.805:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.806:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.807:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.808:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.810:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.811:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.812:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.813:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.814:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.815:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.816:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.817:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.818:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.819:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.820:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.821:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.822:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.823:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.824:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.825:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.826:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.827:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.828:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.829:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.830:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.831:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.832:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.833:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.834:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5.836:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b5:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b6:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b7:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b8:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b9:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b10:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b11:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b12:::::::*
cpe:2.3:a:gisle_aas:libwww-perl:5b13:::::::*
cpe:2.3:a:search.cpan:libwww-perl::::::::
cpe:2.3:a:search.cpan:libwww-perl:5.40_01:::::::*

History

21 Nov 2024, 01:24

Type	Values Removed	Values Added
References	~~() http://cpansearch.perl.org/src/GAAS/libwww-perl-6.02/Changes -~~	() http://cpansearch.perl.org/src/GAAS/libwww-perl-6.02/Changes -
References	~~() http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html -~~	() http://vttynotes.blogspot.com/2010/12/man-in-middle-fun-with-perl-lwp.html -
References	~~() http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html -~~	() http://vttynotes.blogspot.com/2011/03/quick-note-on-lwp-and-perl-security-cve.html -

Information

Published : 2011-05-13 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-0633

Mitre link : CVE-2011-0633

CVE.ORG link : CVE-2011-0633

JSON object : View

Products Affected

gisle_aas

libwww-perl

search.cpan

libwww-perl

CWE

CWE-20

Improper Input Validation

4.3 /10