Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
No history.
Information
Published : 2016-05-16 10:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-3152
Mitre link : CVE-2015-3152
CVE.ORG link : CVE-2015-3152
JSON object : View
Products Affected
php
- php
debian
- debian_linux
redhat
- enterprise_linux_desktop
- enterprise_linux_eus
- enterprise_linux_server
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_workstation
mariadb
- mariadb
oracle
- mysql
- mysql_connector\/c
fedoraproject
- fedora
CWE
CWE-295
Improper Certificate Validation