CVE-2015-3644
stunnel 5.00-5.13 - Improper Access Control via Redirect Option
Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.
References (4)
Core References
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2015/dsa-3299
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/74659
Patch, Vendor Advisory (x_refsource_confirm): https://www.stunnel.org/CVE-2015-3644.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1032324
Scores
EPSS: 0.0214
EPSS Percentile: 79.8%
Details
CWE: CWE-284
Status: published
Products (14)
stunnel/stunnel 5.00
stunnel/stunnel 5.01
stunnel/stunnel 5.02
stunnel/stunnel 5.03
stunnel/stunnel 5.04
stunnel/stunnel 5.05
stunnel/stunnel 5.06
stunnel/stunnel 5.07
stunnel/stunnel 5.08
stunnel/stunnel 5.09
... and 4 more
Published: May 14, 2015
Tracked Since: Feb 18, 2026