CVE-2011-0633: Input Validation
First published: Fri May 13 2011(Updated: )
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libwww-perl | =5.40_01 | |
| libwww-perl | <=5.837 | |
| libwww-perl | =5.828 | |
| libwww-perl | =5.827 | |
| libwww-perl | =5.826 | |
| libwww-perl | =5.825 | |
| libwww-perl | =5.811 | |
| libwww-perl | =5.810 | |
| libwww-perl | =5.808 | |
| libwww-perl | =5.807 | |
| libwww-perl | =5.74 | |
| libwww-perl | =5.73 | |
| libwww-perl | =5.72 | |
| libwww-perl | =5.71 | |
| libwww-perl | =5.53_92 | |
| libwww-perl | =5.53_91 | |
| libwww-perl | =5.53_90 | |
| libwww-perl | =5.53 | |
| libwww-perl | =5.52 | |
| libwww-perl | =5.36 | |
| libwww-perl | =5.35 | |
| libwww-perl | =5.34 | |
| libwww-perl | =5.33 | |
| libwww-perl | =5.15 | |
| libwww-perl | =5.14 | |
| libwww-perl | =5.13 | |
| libwww-perl | =5.12 | |
| libwww-perl | =5b12 | |
| libwww-perl | =5b11 | |
| libwww-perl | =5b10 | |
| libwww-perl | =5b9 | |
| libwww-perl | =5.836 | |
| libwww-perl | =5.833 | |
| libwww-perl | =5.820 | |
| libwww-perl | =5.819 | |
| libwww-perl | =5.818 | |
| libwww-perl | =5.817 | |
| libwww-perl | =5.802 | |
| libwww-perl | =5.801 | |
| libwww-perl | =5.800 | |
| libwww-perl | =5.79 | |
| libwww-perl | =5.65 | |
| libwww-perl | =5.64 | |
| libwww-perl | =5.63 | |
| libwww-perl | =5.62 | |
| libwww-perl | =5.53_97 | |
| libwww-perl | =5.47 | |
| libwww-perl | =5.46 | |
| libwww-perl | =5.45 | |
| libwww-perl | =5.44 | |
| libwww-perl | =5.20 | |
| libwww-perl | =5.19 | |
| libwww-perl | =5.18_05 | |
| libwww-perl | =5.18_04 | |
| libwww-perl | =5.07 | |
| libwww-perl | =5.06 | |
| libwww-perl | =5.05 | |
| libwww-perl | =5.04 | |
| libwww-perl | =0.04 | |
| libwww-perl | =0.03 | |
| libwww-perl | =0.02 | |
| libwww-perl | =0.01 | |
| libwww-perl | =5.831 | |
| libwww-perl | =5.829 | |
| libwww-perl | =5.824 | |
| libwww-perl | =5.822 | |
| libwww-perl | =5.815 | |
| libwww-perl | =5.813 | |
| libwww-perl | =5.805 | |
| libwww-perl | =5.803 | |
| libwww-perl | =5.78 | |
| libwww-perl | =5.76 | |
| libwww-perl | =5.69 | |
| libwww-perl | =5.67 | |
| libwww-perl | =5.60 | |
| libwww-perl | =5.53_96 | |
| libwww-perl | =5.53_94 | |
| libwww-perl | =5.51 | |
| libwww-perl | =5.49 | |
| libwww-perl | =5.42 | |
| libwww-perl | =5.32 | |
| libwww-perl | =5.30 | |
| libwww-perl | =5.21 | |
| libwww-perl | =5.18_03 | |
| libwww-perl | =5.17 | |
| libwww-perl | =5.10 | |
| libwww-perl | =5.08 | |
| libwww-perl | =5.03 | |
| libwww-perl | =5.01 | |
| libwww-perl | =5b13 | |
| libwww-perl | =5b8 | |
| libwww-perl | =5b6 | |
| libwww-perl | =5.834 | |
| libwww-perl | =5.832 | |
| libwww-perl | =5.830 | |
| libwww-perl | =5.823 | |
| libwww-perl | =5.821 | |
| libwww-perl | =5.816 | |
| libwww-perl | =5.814 | |
| libwww-perl | =5.812 | |
| libwww-perl | =5.806 | |
| libwww-perl | =5.804 | |
| libwww-perl | =5.77 | |
| libwww-perl | =5.75 | |
| libwww-perl | =5.70 | |
| libwww-perl | =5.68 | |
| libwww-perl | =5.66 | |
| libwww-perl | =5.61 | |
| libwww-perl | =5.53_95 | |
| libwww-perl | =5.53_93 | |
| libwww-perl | =5.50 | |
| libwww-perl | =5.48 | |
| libwww-perl | =5.43 | |
| libwww-perl | =5.41 | |
| libwww-perl | =5.31 | |
| libwww-perl | =5.22 | |
| libwww-perl | =5.18 | |
| libwww-perl | =5.16 | |
| libwww-perl | =5.11 | |
| libwww-perl | =5.09 | |
| libwww-perl | =5.02 | |
| libwww-perl | =5.00 | |
| libwww-perl | =5b7 | |
| libwww-perl | =5b5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-0633?
CVE-2011-0633 has a critical severity rating as it allows remote attackers to spoof SSL certificate verifications.
How do I fix CVE-2011-0633?
To fix CVE-2011-0633, upgrade to libwww-perl version 6.00 or later to ensure full SSL certificate validation.
Who is affected by CVE-2011-0633?
CVE-2011-0633 affects users of libwww-perl versions prior to 6.00 that do not set the If-SSL-Cert-Subject header.
What types of attacks can CVE-2011-0633 facilitate?
CVE-2011-0633 can facilitate man-in-the-middle attacks, allowing attackers to intercept and alter communications.
Is there a known exploit for CVE-2011-0633?
While no specific exploits for CVE-2011-0633 have been widely publicized, the vulnerability poses a significant risk to secure communications.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/search.cpan
- canonical/libwww-perl
- version/libwww-perl/5.40_01
- version/libwww-perl/5.837
- vendor/gisle aas
- version/libwww-perl/5.828
- version/libwww-perl/5.827
- version/libwww-perl/5.826
- version/libwww-perl/5.825
- version/libwww-perl/5.811
- version/libwww-perl/5.810
- version/libwww-perl/5.808
- version/libwww-perl/5.807
- version/libwww-perl/5.74
- version/libwww-perl/5.73
- version/libwww-perl/5.72
- version/libwww-perl/5.71
- version/libwww-perl/5.53_92
- version/libwww-perl/5.53_91
- version/libwww-perl/5.53_90
- version/libwww-perl/5.53
- version/libwww-perl/5.52
- version/libwww-perl/5.36
- version/libwww-perl/5.35
- version/libwww-perl/5.34
- version/libwww-perl/5.33
- version/libwww-perl/5.15
- version/libwww-perl/5.14
- version/libwww-perl/5.13
- version/libwww-perl/5.12
- version/libwww-perl/5b12
- version/libwww-perl/5b11
- version/libwww-perl/5b10
- version/libwww-perl/5b9
- version/libwww-perl/5.836
- version/libwww-perl/5.833
- version/libwww-perl/5.820
- version/libwww-perl/5.819
- version/libwww-perl/5.818
- version/libwww-perl/5.817
- version/libwww-perl/5.802
- version/libwww-perl/5.801
- version/libwww-perl/5.800
- version/libwww-perl/5.79
- version/libwww-perl/5.65
- version/libwww-perl/5.64
- version/libwww-perl/5.63
- version/libwww-perl/5.62
- version/libwww-perl/5.53_97
- version/libwww-perl/5.47
- version/libwww-perl/5.46
- version/libwww-perl/5.45
- version/libwww-perl/5.44
- version/libwww-perl/5.20
- version/libwww-perl/5.19
- version/libwww-perl/5.18_05
- version/libwww-perl/5.18_04
- version/libwww-perl/5.07
- version/libwww-perl/5.06
- version/libwww-perl/5.05
- version/libwww-perl/5.04
- version/libwww-perl/0.04
- version/libwww-perl/0.03
- version/libwww-perl/0.02
- version/libwww-perl/0.01
- version/libwww-perl/5.831
- version/libwww-perl/5.829
- version/libwww-perl/5.824
- version/libwww-perl/5.822
- version/libwww-perl/5.815
- version/libwww-perl/5.813
- version/libwww-perl/5.805
- version/libwww-perl/5.803
- version/libwww-perl/5.78
- version/libwww-perl/5.76
- version/libwww-perl/5.69
- version/libwww-perl/5.67
- version/libwww-perl/5.60
- version/libwww-perl/5.53_96
- version/libwww-perl/5.53_94
- version/libwww-perl/5.51
- version/libwww-perl/5.49
- version/libwww-perl/5.42
- version/libwww-perl/5.32
- version/libwww-perl/5.30
- version/libwww-perl/5.21
- version/libwww-perl/5.18_03
- version/libwww-perl/5.17
- version/libwww-perl/5.10
- version/libwww-perl/5.08
- version/libwww-perl/5.03
- version/libwww-perl/5.01
- version/libwww-perl/5b13
- version/libwww-perl/5b8
- version/libwww-perl/5b6
- version/libwww-perl/5.834
- version/libwww-perl/5.832
- version/libwww-perl/5.830
- version/libwww-perl/5.823
- version/libwww-perl/5.821
- version/libwww-perl/5.816
- version/libwww-perl/5.814
- version/libwww-perl/5.812
- version/libwww-perl/5.806
- version/libwww-perl/5.804
- version/libwww-perl/5.77
- version/libwww-perl/5.75
- version/libwww-perl/5.70
- version/libwww-perl/5.68
- version/libwww-perl/5.66
- version/libwww-perl/5.61
- version/libwww-perl/5.53_95
- version/libwww-perl/5.53_93
- version/libwww-perl/5.50
- version/libwww-perl/5.48
- version/libwww-perl/5.43
- version/libwww-perl/5.41
- version/libwww-perl/5.31
- version/libwww-perl/5.22
- version/libwww-perl/5.18
- version/libwww-perl/5.16
- version/libwww-perl/5.11
- version/libwww-perl/5.09
- version/libwww-perl/5.02
- version/libwww-perl/5.00
- version/libwww-perl/5b7
- version/libwww-perl/5b5