HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List Patch |
http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List |
http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List Third Party Advisory |
https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation Patch Third Party Advisory |
https://github.com/chansen/p5-http-tiny/pull/153 | Patch |
https://hackeriet.github.io/cpan-http-tiny-overview/ | Product |
https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List Patch |
https://www.openwall.com/lists/oss-security/2023/05/03/4 | Mailing List Third Party Advisory |
https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/ | Issue Tracking |
Configurations
History
21 Jun 2023, 18:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Perl perl
Perl |
|
CPE | cpe:2.3:a:http\:\:tiny_project:http\:\:tiny:*:*:*:*:*:*:*:* cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/chansen/p5-http-tiny/pull/153 - Patch |
20 Jun 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. |
08 May 2023, 17:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:http\:\:tiny_project:http\:\:tiny:0.082:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CWE | CWE-295 | |
First Time |
Http\
Http\ \ |
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/03/3 - Mailing List, Patch | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/03/5 - Mailing List | |
References | (MISC) https://hackeriet.github.io/cpan-http-tiny-overview/ - Product | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/05/07/2 - Mailing List, Third Party Advisory | |
References | (MISC) https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ - Mitigation, Patch, Third Party Advisory | |
References | (MISC) https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/ - Issue Tracking | |
References | (MISC) https://www.openwall.com/lists/oss-security/2023/05/03/4 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2023/04/29/1 - Mailing List, Patch | |
References | (MISC) https://www.openwall.com/lists/oss-security/2023/04/18/14 - Mailing List, Patch |
08 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 May 2023, 10:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-29 00:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-31486
Mitre link : CVE-2023-31486
CVE.ORG link : CVE-2023-31486
JSON object : View
Products Affected
http\
- \
perl
- perl
CWE
CWE-295
Improper Certificate Validation