The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/30335 - Vendor Advisory | |
References | () http://secunia.com/advisories/30425 - | |
References | () http://secunia.com/advisories/31438 - | |
References | () http://security.gentoo.org/glsa/glsa-200808-08.xml - | |
References | () http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html - | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:168 - | |
References | () http://www.securityfocus.com/bid/29309 - Patch | |
References | () http://www.vupen.com/english/advisories/2008/1569/references - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/42528 - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html - | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html - |
Information
Published : 2008-05-23 15:32
Updated : 2024-11-21 00:46
NVD link : CVE-2008-2420
Mitre link : CVE-2008-2420
CVE.ORG link : CVE-2008-2420
JSON object : View
Products Affected
stunnel
- stunnel
CWE
CWE-264
Permissions, Privileges, and Access Controls