Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2015-3644

Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication.

  • Published: May 14, 2015
  • Updated: Apr 13, 2023
  • CVE: CVE-2015-3644
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
stunnel / stunnel 5.13 5.13.x
stunnel / stunnel 5.01 5.01.x
stunnel / stunnel 5.06 5.06.x
stunnel / stunnel 5.04 5.04.x
stunnel / stunnel 5.02 5.02.x
stunnel / stunnel 5.10 5.10.x
stunnel / stunnel 5.12 5.12.x
stunnel / stunnel 5.11 5.11.x
stunnel / stunnel 5.09 5.09.x
stunnel / stunnel 5.07 5.07.x
stunnel / stunnel 5.00 5.00.x
stunnel / stunnel 5.03 5.03.x
stunnel / stunnel 5.08 5.08.x
stunnel / stunnel 5.05 5.05.x