Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
History
29 Aug 2022, 20:05
Type | Values Removed | Values Added |
---|---|---|
First Time | Php, Php php | |
CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
04 Aug 2022, 19:47
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/74398 - Third Party Advisory, VDB Entry | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html - Third Party Advisory, VDB Entry | |
References | (SECTRACK) http://www.securitytracker.com/id/1032216 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1646.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1647.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1665.html - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3311 - Third Party Advisory | |
References | (CONFIRM) http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ - Third Party Advisory | |
References | (CONFIRM) https://access.redhat.com/security/cve/cve-2015-3152 - Third Party Advisory | |
References | (MISC) https://www.duosecurity.com/blog/backronym-mysql-vulnerability - Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/535397/100/1100/threaded - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 - Patch, Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html - Mailing List, Third Party Advisory | |
References | (MISC) http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ - Exploit, Third Party Advisory | |
References | (CONFIRM) https://jira.mariadb.org/browse/MDEV-7937 - Issue Tracking, Vendor Advisory | |
First Time | Redhat enterprise Linux Workstation, Redhat enterprise Linux Eus, Fedoraproject, Fedoraproject fedora, Redhat, Redhat enterprise Linux Server, Debian, Debian debian Linux, Redhat enterprise Linux Server Aus, Redhat enterprise Linux Server Tus, Redhat enterprise Linux Desktop | |
CWE | CWE-295 | |
CPE | cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* |
Information
Published : 2016-05-16 10:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3152
Mitre link : CVE-2015-3152
CVE.ORG link : CVE-2015-3152
Products Affected
redhat
- enterprise_linux_server_tus
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux_eus
php
- php
mariadb
- mariadb
oracle
- mysql
- mysql_connector/c
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-295
Improper Certificate Validation