Main Vulnerability Database Vulnerabilities #VU40792

Improper access control in Stunnel - CVE-2015-3644

Published: May 14, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40792

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-3644

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Stunnel.org

Affected software:
Stunnel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.

How to mitigate CVE-2015-3644

Install update from vendor's website.

Sources

http://www.debian.org/security/2015/dsa-3299
http://www.securityfocus.com/bid/74659
http://www.securitytracker.com/id/1032324
https://www.stunnel.org/CVE-2015-3644.html

Improper access control in Stunnel - CVE-2015-3644

Detailed vulnerability description

How to mitigate CVE-2015-3644

Sources

Please verify you're human