Amazon Linux 2023: CVE-2023-31486: Important priority package update for perl-HTTP-Tiny (Multiple Advisories)

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: Apr 18, 2023
Added: Feb 17, 2025
Modified: Jul 4, 2025

Description

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
A vulnerability was found in HTTP::Tiny: the module, a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.
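
An added example (not part of the advisory or of HTTP::Tiny itself): a Perl audit helper that flags HTTP::Tiny->new calls lacking the verify_SSL => 1 opt-in described above, including multi-line constructors. The function name find_unverified_clients and the sample source are constructed for illustration.

```perl
#!/usr/bin/env perl
# Added example: flag HTTP::Tiny constructors that do not opt in to
# certificate verification. Names and sample input are constructed.
use strict;
use warnings;

# Return [line, call] pairs for every HTTP::Tiny->new whose argument list
# lacks a literal "verify_SSL => 1". Anything else (0, a variable, absent)
# is reported so a person can review it.
sub find_unverified_clients {
    my ($source) = @_;
    my @findings;
    # Group 2 matches a balanced (...) argument list, including nested calls.
    while ($source =~ /(HTTP::Tiny\s*->\s*new\b\s*(\((?:[^()]++|(?2))*\))?)/g) {
        my ($call, $args) = ($1, $2 // '');
        # Line number = newlines before the start of the match, plus one.
        my $line = 1 + (substr($source, 0, $-[0]) =~ tr/\n//);
        next if $args =~ /\bverify_SSL['"]?\s*=>\s*1\b/;
        push @findings, [$line, $call];
    }
    return @findings;
}

# Constructed sample: one default client, one hardened, one explicitly off.
my $sample = <<'END_SAMPLE';
use HTTP::Tiny;
my $plain = HTTP::Tiny->new;
my $safe  = HTTP::Tiny->new(
    timeout    => 10,
    verify_SSL => 1,
);
my $off   = HTTP::Tiny->new( agent => make_agent(), verify_SSL => 0 );
END_SAMPLE

for my $finding (find_unverified_clients($sample)) {
    # Collapse whitespace so multi-line calls print on one line.
    printf "line %d: %s\n", $finding->[0], $finding->[1] =~ s/\s+/ /gr;
}
```

To audit real code, read each .pl or .pm file into a string and pass it to find_unverified_clients in place of the sample.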

Solutions

amazon-linux-2023-upgrade-perl
amazon-linux-2023-upgrade-perl-attribute-handlers
amazon-linux-2023-upgrade-perl-autoloader
amazon-linux-2023-upgrade-perl-autosplit
amazon-linux-2023-upgrade-perl-autouse
amazon-linux-2023-upgrade-perl-b
amazon-linux-2023-upgrade-perl-base
amazon-linux-2023-upgrade-perl-b-debuginfo
amazon-linux-2023-upgrade-perl-benchmark
amazon-linux-2023-upgrade-perl-blib
amazon-linux-2023-upgrade-perl-class-struct
amazon-linux-2023-upgrade-perl-config-extensions
amazon-linux-2023-upgrade-perl-dbm-filter
amazon-linux-2023-upgrade-perl-debugger
amazon-linux-2023-upgrade-perl-debuginfo
amazon-linux-2023-upgrade-perl-debugsource
amazon-linux-2023-upgrade-perl-deprecate
amazon-linux-2023-upgrade-perl-devel
amazon-linux-2023-upgrade-perl-devel-peek
amazon-linux-2023-upgrade-perl-devel-peek-debuginfo
amazon-linux-2023-upgrade-perl-devel-selfstubber
amazon-linux-2023-upgrade-perl-diagnostics
amazon-linux-2023-upgrade-perl-dirhandle
amazon-linux-2023-upgrade-perl-doc
amazon-linux-2023-upgrade-perl-dumpvalue
amazon-linux-2023-upgrade-perl-dynaloader
amazon-linux-2023-upgrade-perl-encoding-warnings
amazon-linux-2023-upgrade-perl-english
amazon-linux-2023-upgrade-perl-errno
amazon-linux-2023-upgrade-perl-extutils-constant
amazon-linux-2023-upgrade-perl-extutils-embed
amazon-linux-2023-upgrade-perl-extutils-miniperl
amazon-linux-2023-upgrade-perl-fcntl
amazon-linux-2023-upgrade-perl-fcntl-debuginfo
amazon-linux-2023-upgrade-perl-fields
amazon-linux-2023-upgrade-perl-file-basename
amazon-linux-2023-upgrade-perl-filecache
amazon-linux-2023-upgrade-perl-file-compare
amazon-linux-2023-upgrade-perl-file-copy
amazon-linux-2023-upgrade-perl-file-dosglob
amazon-linux-2023-upgrade-perl-file-dosglob-debuginfo
amazon-linux-2023-upgrade-perl-file-find
amazon-linux-2023-upgrade-perl-filehandle
amazon-linux-2023-upgrade-perl-file-stat
amazon-linux-2023-upgrade-perl-filetest
amazon-linux-2023-upgrade-perl-findbin
amazon-linux-2023-upgrade-perl-gdbm-file
amazon-linux-2023-upgrade-perl-gdbm-file-debuginfo
amazon-linux-2023-upgrade-perl-getopt-std
amazon-linux-2023-upgrade-perl-hash-util
amazon-linux-2023-upgrade-perl-hash-util-debuginfo
amazon-linux-2023-upgrade-perl-hash-util-fieldhash
amazon-linux-2023-upgrade-perl-hash-util-fieldhash-debuginfo
amazon-linux-2023-upgrade-perl-http-tiny
amazon-linux-2023-upgrade-perl-http-tiny-tests
amazon-linux-2023-upgrade-perl-i18n-collate
amazon-linux-2023-upgrade-perl-i18n-langinfo
amazon-linux-2023-upgrade-perl-i18n-langinfo-debuginfo
amazon-linux-2023-upgrade-perl-i18n-langtags
amazon-linux-2023-upgrade-perl-if
amazon-linux-2023-upgrade-perl-interpreter
amazon-linux-2023-upgrade-perl-interpreter-debuginfo
amazon-linux-2023-upgrade-perl-io
amazon-linux-2023-upgrade-perl-io-debuginfo
amazon-linux-2023-upgrade-perl-ipc-open3
amazon-linux-2023-upgrade-perl-less
amazon-linux-2023-upgrade-perl-lib
amazon-linux-2023-upgrade-perl-libnetcfg
amazon-linux-2023-upgrade-perl-libs
amazon-linux-2023-upgrade-perl-libs-debuginfo
amazon-linux-2023-upgrade-perl-locale
amazon-linux-2023-upgrade-perl-locale-maketext-simple
amazon-linux-2023-upgrade-perl-macros
amazon-linux-2023-upgrade-perl-math-complex
amazon-linux-2023-upgrade-perl-memoize
amazon-linux-2023-upgrade-perl-meta-notation
amazon-linux-2023-upgrade-perl-module-loaded
amazon-linux-2023-upgrade-perl-mro
amazon-linux-2023-upgrade-perl-mro-debuginfo
amazon-linux-2023-upgrade-perl-ndbm-file
amazon-linux-2023-upgrade-perl-ndbm-file-debuginfo
amazon-linux-2023-upgrade-perl-net
amazon-linux-2023-upgrade-perl-next
amazon-linux-2023-upgrade-perl-odbm-file
amazon-linux-2023-upgrade-perl-odbm-file-debuginfo
amazon-linux-2023-upgrade-perl-opcode
amazon-linux-2023-upgrade-perl-opcode-debuginfo
amazon-linux-2023-upgrade-perl-open
amazon-linux-2023-upgrade-perl-overload
amazon-linux-2023-upgrade-perl-overloading
amazon-linux-2023-upgrade-perl-ph
amazon-linux-2023-upgrade-perl-pod-functions
amazon-linux-2023-upgrade-perl-pod-html
amazon-linux-2023-upgrade-perl-pod-perldoc
amazon-linux-2023-upgrade-perl-posix
amazon-linux-2023-upgrade-perl-posix-debuginfo
amazon-linux-2023-upgrade-perl-safe
amazon-linux-2023-upgrade-perl-search-dict
amazon-linux-2023-upgrade-perl-selectsaver
amazon-linux-2023-upgrade-perl-selfloader
amazon-linux-2023-upgrade-perl-sigtrap
amazon-linux-2023-upgrade-perl-sort
amazon-linux-2023-upgrade-perl-subs
amazon-linux-2023-upgrade-perl-symbol
amazon-linux-2023-upgrade-perl-sys-hostname
amazon-linux-2023-upgrade-perl-sys-hostname-debuginfo
amazon-linux-2023-upgrade-perl-term-complete
amazon-linux-2023-upgrade-perl-term-readline
amazon-linux-2023-upgrade-perl-test
amazon-linux-2023-upgrade-perl-tests
amazon-linux-2023-upgrade-perl-text-abbrev
amazon-linux-2023-upgrade-perl-thread
amazon-linux-2023-upgrade-perl-thread-semaphore
amazon-linux-2023-upgrade-perl-tie
amazon-linux-2023-upgrade-perl-tie-file
amazon-linux-2023-upgrade-perl-tie-memoize
amazon-linux-2023-upgrade-perl-time
amazon-linux-2023-upgrade-perl-time-piece
amazon-linux-2023-upgrade-perl-time-piece-debuginfo
amazon-linux-2023-upgrade-perl-unicode-ucd
amazon-linux-2023-upgrade-perl-user-pwent
amazon-linux-2023-upgrade-perl-utils
amazon-linux-2023-upgrade-perl-vars
amazon-linux-2023-upgrade-perl-vmsish