Vulnerabilities > Search Cpan
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-05-13 | CVE-2011-0633 | Improper Input Validation vulnerability in multiple products The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. | 4.3 |
2010-07-06 | CVE-2010-2253 | Improper Input Validation vulnerability in multiple products lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . | 6.8 |