Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2015-3152
Description:Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Test IDs: 1.3.6.1.4.1.25623.1.0.869733   1.3.6.1.4.1.25623.1.0.869562   1.3.6.1.4.1.25623.1.0.808066   1.3.6.1.4.1.25623.1.0.808065   1.3.6.1.4.1.25623.1.0.808064   1.3.6.1.4.1.25623.1.0.808063   1.3.6.1.4.1.25623.1.0.891079   1.3.6.1.4.1.25623.1.0.851770   1.3.6.1.4.1.25623.1.1.4.2018.1449.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2015-3152
BugTraq ID: 74398
http://www.securityfocus.com/bid/74398
Bugtraq: 20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade (Google Search)
http://www.securityfocus.com/archive/1/535397/100/1100/threaded
Debian Security Information: DSA-3311 (Google Search)
http://www.debian.org/security/2015/dsa-3311
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
http://www.ocert.org/advisories/ocert-2015-003.html
https://www.duosecurity.com/blog/backronym-mysql-vulnerability
RedHat Security Advisories: RHSA-2015:1646
http://rhn.redhat.com/errata/RHSA-2015-1646.html
RedHat Security Advisories: RHSA-2015:1647
http://rhn.redhat.com/errata/RHSA-2015-1647.html
RedHat Security Advisories: RHSA-2015:1665
http://rhn.redhat.com/errata/RHSA-2015-1665.html
http://www.securitytracker.com/id/1032216




© 1998-2024 E-Soft Inc. All rights reserved.