CVE-2015-3644

Published: 14/05/2015 Updated: 28/12/2016
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Stunnel 5.00 up to and including 5.13, when running in server mode with the redirect option and certificate-based client authentication (verify = 2 or higher), redirects only the initial client connection to the configured redirect host. Later connections whose certificate verification fails are passed through to the real backend instead, which allows remote attackers to bypass authentication.

Vulnerable Products

stunnel stunnel 5.00
stunnel stunnel 5.01
stunnel stunnel 5.02
stunnel stunnel 5.03
stunnel stunnel 5.04
stunnel stunnel 5.05
stunnel stunnel 5.06
stunnel stunnel 5.07
stunnel stunnel 5.08
stunnel stunnel 5.09
stunnel stunnel 5.10
stunnel stunnel 5.11
stunnel stunnel 5.12
stunnel stunnel 5.13

Vendor Advisories

Debian Bug report logs - #785352 stunnel4: CVE-2015-3644 Package: src:stunnel4; Maintainer for src:stunnel4 is Peter Pentchev <roam@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 15 May 2015 06:27:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version stunnel4 ...
Johan Olofsson discovered an authentication bypass vulnerability in Stunnel, a program designed to work as a universal SSL tunnel for network daemons. When Stunnel in server mode is used with the redirect option and certificate-based authentication is enabled with verify = 2 or higher, then only the initial connection is redirected to the hosts sp ...
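The summary above and the Debian advisory name two preconditions for this bug: a stunnel from the 5.00 to 5.13 range, and a server-mode service that combines redirect with verify = 2 or higher. The POSIX shell script below is an added example, not code from this page, from Vulmon or from the stunnel project; it checks both conditions, for the installed binary and for a configuration file. The configuration samples and version strings are constructed for the example, and the assumption that the first line of stunnel -version reads "stunnel X.YY on ..." is not taken from this page.

```shell
#!/bin/sh
# Added example (not from the Vulmon page or the stunnel project): decide
# whether a stunnel deployment matches the CVE-2015-3644 preconditions given
# on this page: a version from 5.00 through 5.13 running a server-mode
# service that uses "redirect" together with "verify = 2" or higher.
# Sample configurations and version strings are constructed for the example.

# version_affected VERSION: succeed when 5.00 <= VERSION <= 5.13.
version_affected() {
    case $1 in *.*) ;; *) return 1 ;; esac
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor%%.*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    case $minor in ''|*[!0-9]*) return 1 ;; esac
    # Drop leading zeros ("07" -> "7") so the shell does not read them as octal.
    minor=$(printf '%s' "$minor" | sed 's/^0*//')
    [ "$major" -eq 5 ] && [ "${minor:-0}" -le 13 ]
}

# installed_version: print the version of the stunnel binary on PATH.
# Assumption: the first line of "stunnel -version" reads "stunnel X.YY on ...".
installed_version() {
    stunnel -version 2>&1 | awk '/^stunnel [0-9]/ { print $2; exit }'
}

# config_affected FILE: succeed when some [service] section in FILE is in
# server mode (no "client = yes"), sets "redirect", and has verify >= 2.
# Settings before the first section are global and inherited by every service.
config_affected() {
    awk '
        function check() {
            if (section != "" && client != "yes" && redirect != "" && verify + 0 >= 2)
                hit = 1
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^[ \t]*\[/ {                                 # start of a [service] section
            check()
            section = $0; client = gclient; verify = gverify; redirect = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (section == "") {                      # global options
                if (key == "client") gclient = val
                if (key == "verify") gverify = val
            } else {
                if (key == "client")   client = val
                if (key == "verify")   verify = val
                if (key == "redirect") redirect = val
            }
        }
        END { check(); exit (hit ? 0 : 1) }
    ' "$1"
}

# Constructed sample: clients failing certificate verification are meant to be
# redirected to a fallback service. On 5.00-5.13 only the first such
# connection was redirected; the rest reached the real backend.
vulnerable_config() {
    cat <<'EOF'
; constructed example configuration
cert = /etc/stunnel/server.pem
CAfile = /etc/stunnel/clients.pem

[imaps]
accept = 993
connect = 127.0.0.1:143
verify = 2
redirect = 127.0.0.1:8143
EOF
}

# Constructed sample that does not match: the same service without redirect
# (a failed verification simply drops the connection, so no bypass path).
plain_config() {
    cat <<'EOF'
cert = /etc/stunnel/server.pem
CAfile = /etc/stunnel/clients.pem

[imaps]
accept = 993
connect = 127.0.0.1:143
verify = 2
EOF
}

# check_sample PRINTER: write PRINTER's output to a temporary file and test it.
check_sample() {
    tmp=$(mktemp)
    "$1" > "$tmp"
    if config_affected "$tmp"; then echo "$1: affected"; else echo "$1: not affected"; fi
    rm -f "$tmp"
}

if command -v stunnel >/dev/null 2>&1; then
    v=$(installed_version)
    if version_affected "$v"; then echo "stunnel $v: in the affected range (5.00-5.13)"
    else echo "stunnel $v: outside the affected range"; fi
fi
check_sample vulnerable_config
check_sample plain_config
```

Run it on a host as-is to see the version verdict, or call config_affected on the real /etc/stunnel/stunnel.conf. A configuration that matches is only exposed when the binary is in the 5.00 to 5.13 range, so both checks have to agree before treating a deployment as affected.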