CVE-2009-3024

CVE-2009-3024 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.

Learn more about our Web Application Penetration Testing UK.