Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
History
21 Nov 2024, 02:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html - Mailing List, Third Party Advisory | |
References | () http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ - Exploit, Third Party Advisory | |
References | () http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ - Third Party Advisory | |
References | () http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html - Third Party Advisory, VDB Entry | |
References | () http://rhn.redhat.com/errata/RHSA-2015-1646.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2015-1647.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2015-1665.html - Third Party Advisory | |
References | () http://www.debian.org/security/2015/dsa-3311 - Third Party Advisory | |
References | () http://www.ocert.org/advisories/ocert-2015-003.html - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/535397/100/1100/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/74398 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1032216 - Third Party Advisory, VDB Entry | |
References | () https://access.redhat.com/security/cve/cve-2015-3152 - Third Party Advisory | |
References | () https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 - Patch, Third Party Advisory | |
References | () https://jira.mariadb.org/browse/MDEV-7937 - Issue Tracking, Vendor Advisory | |
References | () https://www.duosecurity.com/blog/backronym-mysql-vulnerability - Third Party Advisory | |
04 Aug 2022, 19:47
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ - Third Party Advisory | |
References | (CONFIRM) https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 - Patch, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1647.html - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1032216 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1646.html - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/74398 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1665.html - Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html - Mailing List, Third Party Advisory | |
References | (MISC) https://www.duosecurity.com/blog/backronym-mysql-vulnerability - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/535397/100/1100/threaded - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://jira.mariadb.org/browse/MDEV-7937 - Issue Tracking, Vendor Advisory | |
References | (CONFIRM) https://access.redhat.com/security/cve/cve-2015-3152 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3311 - Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html - Mailing List, Third Party Advisory | |
References | (MISC) http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ - Exploit, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |
CWE | CWE-295 |
Information
Published : 2016-05-16 10:59
Updated : 2024-11-21 02:28
NVD link : CVE-2015-3152
Mitre link : CVE-2015-3152
CVE.ORG link : CVE-2015-3152
Products Affected
fedoraproject
- fedora
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_server_aus
- enterprise_linux_workstation
- enterprise_linux_server_tus
- enterprise_linux_eus
php
- php
mariadb
- mariadb
oracle
- mysql
- mysql_connector/c
debian
- debian_linux
CWE
CWE-295
Improper Certificate Validation