5.3 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.938 High
EPSS
Percentile
99.1%
08/07/2014
Critical
An obsolete version of OpenSSL was found in Stunnel. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.
Stunnel versions 5.02 and earlier
Update to latest version
OSI
CVE-2014-35084.3Warning
CVE-2014-35096.8High
CVE-2014-35114.3Warning
CVE-2014-51394.3Warning
CVE-2014-35055.0Warning
CVE-2014-35065.0Warning
CVE-2014-35075.0Warning
CVE-2014-35104.3Warning
CVE-2014-35127.5High
Public exploits exist for this vulnerability.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Stunnel/
www.stunnel.org/sdf_ChangeLog.html