Known Vulnerabilities

• CVE-2021-20230 authentication bypass with the "redirect" option
• CVE-2015-3644 authentication bypass with the "redirect" option
• CVE-2014-0016 private key leak via weak OpenSSL PRNG handling with FORK threading
• CVE-2013-1762 remote code execution via invalid integer conversion in the NTLM authentication
• CVE-2011-2940 denial of service (possible remote code execution) via heap memory corruption
• CVE-2008-2420 authentication bypass via weak OCSP protocol handling
• CVE-2008-2400 local privilege escalation on Windows service
• CVE-2003-0740 file descriptor leak to clients spawned with the "exec" option
• CVE-2003-0147 private key leak via missing RSA blinding (an OpenSSL bug)
• CVE-2002-1563 denial of service via race conditions in signal handling
• CVE-2002-0002 remote code execution via format string vulnerabilities in protocol negotiations
• CVE-2001-0060 remote code execution via format string vulnerability in inetd username