CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3024

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.5%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2009-3024

Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.14

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.14
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.15

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.15
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.16

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.16_1

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16_1
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.16_2

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16_2
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.16_3

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.16_3
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.17

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.17
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.18

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.18
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.19

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.19
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.20

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.20
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.21

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.21
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.22

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.22
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.23

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.23
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.24

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.24
Io-Socket-Ssl » Io-Socket-Ssl » Version: 1.25

cpe:2.3:a:io-socket-ssl:io-socket-ssl:1.25

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3024

Products

Pricing

Contact Us