CVE-2015-3644
Description
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.
Risk Information
Base Score
8.2
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS Score
Exploitation Probability
0.248
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.00 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.01 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.02 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.03 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.04 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.05 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.06 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.07 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.08 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.09 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.10 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.11 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.12 | Windows |
| Vulnerabilities CVE-2015-3644 are affected in stunnel 5.13 | Windows |
| SUSE-SU-2015:1062-1(SUSE Linux Enterprise Server 12 ) stunnel-5.00-3.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1062-1(SUSE Linux Enterprise Server 12 ) stunnel-debuginfo-5.00-3.1.x86_64.rpm | Linux |
| SUSE-SU-2015:1062-1(SUSE Linux Enterprise Server 12 ) stunnel-debugsource-5.00-3.1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
| PATCH-348313 | stunnel (5.75) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234