mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
142 lines
5.3 KiB
JSON
142 lines
5.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"ID": "CVE-2015-3152",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html",
|
|
"refsource": "MISC",
|
|
"url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
|
|
},
|
|
{
|
|
"name": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
|
|
},
|
|
{
|
|
"name": "74398",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/74398"
|
|
},
|
|
{
|
|
"name": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
|
|
},
|
|
{
|
|
"name": "https://access.redhat.com/security/cve/cve-2015-3152",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://access.redhat.com/security/cve/cve-2015-3152"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:1646",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
|
|
},
|
|
{
|
|
"name": "DSA-3311",
|
|
"refsource": "DEBIAN",
|
|
"url": "http://www.debian.org/security/2015/dsa-3311"
|
|
},
|
|
{
|
|
"name": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/",
|
|
"refsource": "MISC",
|
|
"url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:1647",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
|
|
},
|
|
{
|
|
"name": "1032216",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1032216"
|
|
},
|
|
{
|
|
"name": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability",
|
|
"refsource": "MISC",
|
|
"url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
|
|
},
|
|
{
|
|
"name": "https://jira.mariadb.org/browse/MDEV-7937",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://jira.mariadb.org/browse/MDEV-7937"
|
|
},
|
|
{
|
|
"name": "http://www.ocert.org/advisories/ocert-2015-003.html",
|
|
"refsource": "MISC",
|
|
"url": "http://www.ocert.org/advisories/ocert-2015-003.html"
|
|
},
|
|
{
|
|
"name": "FEDORA-2015-10831",
|
|
"refsource": "FEDORA",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
|
|
},
|
|
{
|
|
"name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
|
|
"refsource": "BUGTRAQ",
|
|
"url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
|
|
},
|
|
{
|
|
"name": "FEDORA-2015-10849",
|
|
"refsource": "FEDORA",
|
|
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:1665",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
|
|
}
|
|
]
|
|
}
|
|
} |