Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Stunnel 信任管理问题漏洞
Vulnerability Description
MichałTrojnara Stunnel是 MichałTrojnara开源的一个应用软件。提供TLS加密功能添加到现有客户端和服务器,而无需更改程序代码。 Stunnel 存在信任管理问题漏洞,该漏洞源于使用重定向和verifyChain选项时,客户端证书没有正确验证。以下产品和版本受到影响:stunnel before 5.57
CVSS Information
N/A
Vulnerability Type
N/A