Lucene search

RedhatCVE-2015-3152

HistoryMay 16, 2016 - 10:59 a.m.

CVE-2015-3152

2016-05-1610:59:01

CWE-295

redhat

web.nvd.nist.gov

101

cve-2015-3152

oracle

mysql

mariadb

ssl

cleartext-downgrade

vulnerability

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

54.4%

JSON

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a “BACKRONYM” attack.

Affected configurations

Nvd

Node

oraclemysqlRange≤5.7.2

oraclemysql_connector\/cRange≤6.1.2

Node

mariadbmariadbRange5.5.0–5.5.44

mariadbmariadbRange10.0.0–10.0.20

Node

fedoraprojectfedoraMatch21

fedoraprojectfedoraMatch22

Node

debiandebian_linuxMatch8.0

Node

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.1

redhatenterprise_linux_eusMatch7.2

redhatenterprise_linux_eusMatch7.3

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch7.0

Node

phpphpRange5.4.0–5.4.43

phpphpRange5.5.0–5.5.27

phpphpRange5.6.0–5.6.11

VendorProductVersionCPE
oraclemysql*cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
oraclemysql_connector\/c*cpe:2.3:a:oracle:mysql_connector\/c:*:*:*:*:*:*:*:*
mariadbmariadb*cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
fedoraprojectfedora22cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus7.1cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*
redhatenterprise_linux_eus7.2cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
redhatenterprise_linux_eus7.3cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	mysql	*	cpe:2.3:a:oracle:mysql::::::::
oracle	mysql_connector\/c	*	cpe:2.3:a:oracle:mysql_connector\/c::::::::
mariadb	mariadb	*	cpe:2.3:a:mariadb:mariadb::::::::
fedoraproject	fedora	21	cpe:2.3:o:fedoraproject:fedora:21:::::::*
fedoraproject	fedora	22	cpe:2.3:o:fedoraproject:fedora:22:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
redhat	enterprise_linux_desktop	7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
redhat	enterprise_linux_eus	7.1	cpe:2.3:o:redhat:enterprise_linux_eus:7.1:::::::*
redhat	enterprise_linux_eus	7.2	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
redhat	enterprise_linux_eus	7.3	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*