The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | Issue Tracking Third Party Advisory |
https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/ | Exploit Mitigation Vendor Advisory |
https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | Issue Tracking Third Party Advisory |
https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/ | Exploit Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.launchpad.net/percona-toolkit/+bug/1408375 - Issue Tracking, Third Party Advisory | |
References | () https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/ - Exploit, Mitigation, Vendor Advisory |
Information
Published : 2017-09-29 01:34
Updated : 2024-11-21 02:24
NVD link : CVE-2015-1027
Mitre link : CVE-2015-1027
CVE.ORG link : CVE-2015-1027
JSON object : View
Products Affected
percona
- xtrabackup
- toolkit
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor