6.8

CVE-2008-2420

The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
StunnelStunnel Version3.4a
StunnelStunnel Version3.5
StunnelStunnel Version3.6
StunnelStunnel Version3.7
StunnelStunnel Version3.8
StunnelStunnel Version3.8p1
StunnelStunnel Version3.8p2
StunnelStunnel Version3.8p3
StunnelStunnel Version3.8p4
StunnelStunnel Version3.9
StunnelStunnel Version3.10
StunnelStunnel Version3.11
StunnelStunnel Version3.12
StunnelStunnel Version3.13
StunnelStunnel Version3.14
StunnelStunnel Version3.15
StunnelStunnel Version3.16
StunnelStunnel Version3.17
StunnelStunnel Version3.18
StunnelStunnel Version3.19
StunnelStunnel Version3.20
StunnelStunnel Version3.21
StunnelStunnel Version3.21a
StunnelStunnel Version3.21b
StunnelStunnel Version3.21c
StunnelStunnel Version3.22
StunnelStunnel Version3.23
StunnelStunnel Version3.24
StunnelStunnel Version3.25
StunnelStunnel Version3.26
StunnelStunnel Version4.00
StunnelStunnel Version4.01
StunnelStunnel Version4.02
StunnelStunnel Version4.03
StunnelStunnel Version4.04
StunnelStunnel Version4.05
StunnelStunnel Version4.06
StunnelStunnel Version4.07
StunnelStunnel Version4.08
StunnelStunnel Version4.09
StunnelStunnel Version4.10
StunnelStunnel Version4.11
StunnelStunnel Version4.12
StunnelStunnel Version4.13
StunnelStunnel Version4.14
StunnelStunnel Version4.15
StunnelStunnel Version4.16
StunnelStunnel Version4.17
StunnelStunnel Version4.18
StunnelStunnel Version4.19
StunnelStunnel Version4.20
StunnelStunnel Version4.21
StunnelStunnel Version4.22
StunnelStunnel Version4.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.682
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/30335
Vendor Advisory
http://secunia.com/advisories/30425
http://secunia.com/advisories/31438
http://security.gentoo.org/glsa/glsa-200808-08.xml
http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:168
http://www.securityfocus.com/bid/29309
Patch
http://www.vupen.com/english/advisories/2008/1569/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42528
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html