Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2008-2420 - CERT CVE
CVE-2008-2420
ID
CVE-2008-2420
Sažetak
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
Reference
http://secunia.com/advisories/30335
http://secunia.com/advisories/30425
http://secunia.com/advisories/31438
http://security.gentoo.org/glsa/glsa-200808-08.xml
http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:168
http://www.securityfocus.com/bid/29309
http://www.vupen.com/english/advisories/2008/1569/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42528
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html
CVSS
Base:
6.8
Impact:
6.4
Exploitability:
8.6
Pristup
Vektor
Složenost
Autentikacija
NETWORK
MEDIUM
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
PARTIAL
PARTIAL
PARTIAL
CVSS vektor
AV:N/AC:M/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje
08-08-2017 - 01:31
Objavljeno
23-05-2008 - 15:32