Описание
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-2420
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42528
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html
- http://secunia.com/advisories/30335
- http://secunia.com/advisories/30425
- http://secunia.com/advisories/31438
- http://security.gentoo.org/glsa/glsa-200808-08.xml
- http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:168
- http://www.securityfocus.com/bid/29309
- http://www.vupen.com/english/advisories/2008/1569/references
EPSS
CVE ID
Связанные уязвимости
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
The OCSP functionality in stunnel before 4.24 does not properly search ...
Уязвимость операционной системы Gentoo Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS