CVE-2008-2420

Description

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.

References

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/42528

http://www.vupen.com/english/advisories/2008/1569/references

http://www.securityfocus.com/bid/29309

http://www.mandriva.com/security/advisories?name=MDVSA-2008:168

http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html

http://security.gentoo.org/glsa/glsa-200808-08.xml

http://secunia.com/advisories/31438

http://secunia.com/advisories/30425

http://secunia.com/advisories/30335

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3