CVE-2014-3230 - OpenCVE

The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Lwp\	\

Configuration 1 [-]

cpe:2.3:a:lwp\:\:protocol\:\:https_project:lwp\:\:protocol\:\:https:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/05/02/8	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/04/1	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/06/8	Mailing List Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579	Exploit Mailing List Patch Third Party Advisory
https://github.com/libwww-perl/lwp-protocol-https/pull/14	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-01-28T15:05:37

Updated: 2020-01-28T15:05:37

Reserved: 2014-05-06T00:00:00

Link: CVE-2014-3230

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-28T16:15:12.277

Modified: 2020-02-06T15:23:23.567

Link: CVE-2014-3230

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lwp\\:\\:protocol\\:\\:https_project:lwp\\:\\:protocol\\:\\:https:*:*:*:*:*:*:*:*", "matchCriteriaId": "25AA6911-A196-47BF-BC51-61C0547FACD7", "versionEndIncluding": "6.06", "versionStartIncluding": "6.04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable."}, {"lang": "es", "value": "El m\u00f3dulo LWP::Protocol::https de libwww-perl versiones 6.04 hasta 6.06 para Perl, cuando usa la funci\u00f3n IO::Socket::SSL como la clase de socket SSL, permite a atacantes deshabilitar la comprobaci\u00f3n del certificado del servidor por medio de la variable de entorno (1) HTTPS_CA_DIR o (2) HTTPS_CA_FILE."}], "id": "CVE-2014-3230", "lastModified": "2020-02-06T15:23:23.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-28T16:15:12.277", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/05/02/8"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/05/04/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/05/06/8"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://github.com/libwww-perl/lwp-protocol-https/pull/14"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}