The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-05-23 15:32
Updated : 2024-02-28 11:21
NVD link : CVE-2008-2420
Mitre link : CVE-2008-2420
CVE.ORG link : CVE-2008-2420
JSON object : View
Products Affected
stunnel
- stunnel
CWE
CWE-264
Permissions, Privileges, and Access Controls