Amazon Linux AMI : perl-libwww-perl (ALAS-2011-17)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in
WWW::Mechanize, LWP::UserAgent, and other products, when running in
environments that do not set the If-SSL-Cert-Subject header, does not
enable full validation of SSL certificates by default, which allows
remote attackers to spoof servers via man-in-the-middle (MITM) attacks
involving hostnames that are not properly validated. NOTE: it could be
argued that this is a design limitation of the Net::HTTPS API, and
separate implementations should be independently assigned CVE
identifiers for not working around this limitation. However, because
this API was modified within LWP, a single CVE identifier has been

See also :

Solution :

Run 'yum update perl-libwww-perl' to update your system.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69576 ()

Bugtraq ID:

CVE ID: CVE-2011-0633

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now