CVE-2015-3644

Sažetak

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.

Reference

http://www.debian.org/security/2015/dsa-3299
http://www.securityfocus.com/bid/74659
http://www.securitytracker.com/id/1032324
https://www.stunnel.org/CVE-2015-3644.html

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

28-12-2016 - 02:59

Objavljeno

14-05-2015 - 00:59