CVE-2015-3644

Critical

Description

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.

References

https://www.stunnel.org/CVE-2015-3644.html

http://www.securitytracker.com/id/1032324

http://www.securityfocus.com/bid/74659

http://www.debian.org/security/2015/dsa-3299

Details

Source: Mitre, NVD

Published: 2015-05-14

Updated: 2016-12-28

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Severity: Critical