CVE-2014-3230

Summary

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.

Affected Software

VendorProductVersion RangeStatus
libwww-perlLWP::Protocol::https6.04 through 6.06affected

Weaknesses

  • Other

ADP Enrichment

CVE Program Container

Additional References

References