CVE-2015-3644

stunnel 5.00-5.13 - Improper Access Control via Redirect Option

Title source: llm

Description

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.

References (4)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3299
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74659
Patch, Vendor Advisory x_refsource_confirm
https://www.stunnel.org/CVE-2015-3644.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032324

Scores

EPSS 0.0214
EPSS Percentile 79.8%

Details

CWE
CWE-284
Status published
Products (14)
stunnel/stunnel 5.00
stunnel/stunnel 5.01
stunnel/stunnel 5.02
stunnel/stunnel 5.03
stunnel/stunnel 5.04
stunnel/stunnel 5.05
stunnel/stunnel 5.06
stunnel/stunnel 5.07
stunnel/stunnel 5.08
stunnel/stunnel 5.09
... and 4 more
Published May 14, 2015
Tracked Since Feb 18, 2026