VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-wp6a-qnkv-aaaf

Essentials
Severities (124)
References (26)
Severity details (42)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-wp6a-qnkv-aaaf
Aliases	CVE-2023-31486
Summary	HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Status	Published
Exploitability	0.5
Weighted Severity	7.3
Risk	3.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-295	Improper Certificate Validation
CWE-1188	Initialization of a Resource with an Insecure Default

System	Score	Found at
cvssv3	6.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31486.json
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00234	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00271	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00271	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00271	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00271	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00283	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00442	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.03866	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
epss	0.11343	https://api.first.org/data/v1/epss?cve=CVE-2023-31486
cvssv3.1	8.1	https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
cvssv3.1	8.1	https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
ssvc	Track	https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
ssvc	Track	https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
cvssv3.1	7.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.1	https://github.com/chansen/p5-http-tiny/pull/153
ssvc	Track	https://github.com/chansen/p5-http-tiny/pull/153
cvssv3.1	8.1	https://hackeriet.github.io/cpan-http-tiny-overview/
cvssv3.1	8.1	https://hackeriet.github.io/cpan-http-tiny-overview/
ssvc	Track	https://hackeriet.github.io/cpan-http-tiny-overview/
ssvc	Track	https://hackeriet.github.io/cpan-http-tiny-overview/
cvssv3	8.1	https://nvd.nist.gov/vuln/detail/CVE-2023-31486
cvssv3.1	8.1	https://nvd.nist.gov/vuln/detail/CVE-2023-31486
cvssv3.1	8.1	https://www.openwall.com/lists/oss-security/2023/04/18/14
cvssv3.1	8.1	https://www.openwall.com/lists/oss-security/2023/04/18/14
ssvc	Track	https://www.openwall.com/lists/oss-security/2023/04/18/14
ssvc	Track	https://www.openwall.com/lists/oss-security/2023/04/18/14
cvssv3.1	8.1	https://www.openwall.com/lists/oss-security/2023/05/03/4
cvssv3.1	8.1	https://www.openwall.com/lists/oss-security/2023/05/03/4
ssvc	Track	https://www.openwall.com/lists/oss-security/2023/05/03/4
ssvc	Track	https://www.openwall.com/lists/oss-security/2023/05/03/4
cvssv3.1	8.1	https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/
cvssv3.1	8.1	https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/
ssvc	Track	https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/
ssvc	Track	https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/04/29/1
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/04/29/1
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/04/29/1
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/04/29/1
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/05/03/3
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/05/03/3
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/05/03/3
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/05/03/3
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/05/03/5
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/05/03/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/05/03/5
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/05/03/5
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/05/07/2
cvssv3.1	8.1	http://www.openwall.com/lists/oss-security/2023/05/07/2
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/05/07/2
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/05/07/2

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31486.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-31486
		https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31486
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/chansen/p5-http-tiny/pull/153
		https://hackeriet.github.io/cpan-http-tiny-overview/
		https://security.netapp.com/advisory/ntap-20241129-0011/
		https://www.openwall.com/lists/oss-security/2023/04/18/14
		https://www.openwall.com/lists/oss-security/2023/05/03/4
		https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/
		http://www.openwall.com/lists/oss-security/2023/04/29/1
		http://www.openwall.com/lists/oss-security/2023/05/03/3
		http://www.openwall.com/lists/oss-security/2023/05/03/5
		http://www.openwall.com/lists/oss-security/2023/05/07/2
2228392		https://bugzilla.redhat.com/show_bug.cgi?id=2228392
954089		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954089
cpe:2.3:a:http\:\:tiny_project:http\:\:tiny::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:http\:\:tiny_project:http\:\:tiny::::::::
cpe:2.3:a:perl:perl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl::::::::
CVE-2023-31486		https://nvd.nist.gov/vuln/detail/CVE-2023-31486
GLSA-202411-09		https://security.gentoo.org/glsa/202411-09
RHSA-2023:6542		https://access.redhat.com/errata/RHSA-2023:6542
RHSA-2023:7174		https://access.redhat.com/errata/RHSA-2023:7174
RHSA-2024:0422		https://access.redhat.com/errata/RHSA-2024:0422
RHSA-2024:0579		https://access.redhat.com/errata/RHSA-2024:0579
RHSA-2024:4430		https://access.redhat.com/errata/RHSA-2024:4430

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31486.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/chansen/p5-http-tiny/pull/153

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at https://github.com/chansen/p5-http-tiny/pull/153

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://hackeriet.github.io/cpan-http-tiny-overview/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://hackeriet.github.io/cpan-http-tiny-overview/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at https://hackeriet.github.io/cpan-http-tiny-overview/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-31486

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-31486

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2023/04/18/14

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2023/04/18/14

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at https://www.openwall.com/lists/oss-security/2023/04/18/14

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2023/05/03/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.openwall.com/lists/oss-security/2023/05/03/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at https://www.openwall.com/lists/oss-security/2023/05/03/4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/04/29/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/04/29/1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at http://www.openwall.com/lists/oss-security/2023/04/29/1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/03/3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/03/3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at http://www.openwall.com/lists/oss-security/2023/05/03/3

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/03/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/03/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at http://www.openwall.com/lists/oss-security/2023/05/03/5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/07/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/05/07/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-30T19:18:03Z/ Found at http://www.openwall.com/lists/oss-security/2023/05/07/2

Exploit Prediction Scoring System (EPSS)

Percentile	0.62023
EPSS Score	0.00234
Published At	Nov. 18, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.