Kaspersky LabKLA10343KLA10343 Multiple vulnerabilities in Stunnel
5.3 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.938 High
EPSS
Percentile
99.1%
Detect date:
08/07/2014
Severity:
Critical
Description:
An obsolete version of OpenSSL was found in Stunnel. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely.
Affected products:
Stunnel versions 5.02 and earlier
Solution:
Update to latest version
Original advisories:
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2014-35084.3Warning
CVE-2014-35096.8High
CVE-2014-35114.3Warning
CVE-2014-51394.3Warning
CVE-2014-35055.0Warning
CVE-2014-35065.0Warning
CVE-2014-35075.0Warning
CVE-2014-35104.3Warning
CVE-2014-35127.5High
Exploitation:
Public exploits exist for this vulnerability.
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3505
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3507
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3508
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3509
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3510
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3511
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3512
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5139
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Stunnel/
www.stunnel.org/sdf_ChangeLog.html
Related
5.3 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.938 High
EPSS
Percentile
99.1%