CVE-2015-3644 — Improper Access Control in Stunnel

CWE-284 — Improper Access Control8 documents7 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 51.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stunnel

Timeline

PublishedMay 14

Latest updateMay 17

Description

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDstunnel/stunnel14 versions+13

Patches

Patch: www.stunnel.org ↗Patch: www.stunnel.org ↗

🔴Vulnerability Details

GHSA

GHSA-3w38-w685-6793: Stunnel 5↗2022-05-17

▶

OSV

CVE-2015-3644: Stunnel 5↗2015-05-14

▶

CVEList

CVE-2015-3644: Stunnel 5↗2015-05-14

▶

📋Vendor Advisories

Red Hat

stunnel: authentication bypass with the "redirect" option↗2015-05-14

▶

Debian

CVE-2015-3644: stunnel4 - Stunnel 5.00 through 5.13, when using the redirect option, does not redirect cli...↗2015

▶

💬Community

Bugzilla

CVE-2015-3644 stunnel: authentication bypass with the "redirect" option [fedora-all]↗2015-05-14

▶

Bugzilla

CVE-2015-3644 stunnel: authentication bypass with the "redirect" option↗2015-05-14

▶