CVE Vulnerabilities

CVE-2015-3152

Improper Certificate Validation

Published: May 16, 2016 | Modified: Aug 29, 2022
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
LOW

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the –ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a BACKRONYM attack.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Mysql Oracle * 5.7.2 (including)
Mysql_connector/c Oracle * 6.1.2 (including)
Red Hat Enterprise Linux 7 RedHat mariadb-1:5.5.44-1.ael7b_1 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat rh-mariadb100-mariadb-1:10.0.20-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6 RedHat mariadb55-mariadb-0:5.5.44-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat rh-mariadb100-mariadb-1:10.0.20-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.5 EUS RedHat mariadb55-mariadb-0:5.5.44-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat rh-mariadb100-mariadb-1:10.0.20-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS RedHat mariadb55-mariadb-0:5.5.44-1.el6 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-mariadb100-mariadb-1:10.0.20-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat mariadb55-mariadb-0:5.5.44-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS RedHat rh-mariadb100-mariadb-1:10.0.20-1.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS RedHat mariadb55-mariadb-0:5.5.44-1.el7 *
Mariadb-10.0 Ubuntu esm-apps/xenial *
Mariadb-10.0 Ubuntu upstream *
Mariadb-10.0 Ubuntu vivid *
Mariadb-10.0 Ubuntu wily *
Mariadb-10.0 Ubuntu xenial *
Mariadb-10.0 Ubuntu yakkety *
Mariadb-5.5 Ubuntu trusty *
Mariadb-5.5 Ubuntu upstream *
Mariadb-5.5 Ubuntu utopic *
Mysql-5.5 Ubuntu precise *
Mysql-5.5 Ubuntu precise/esm *
Mysql-5.5 Ubuntu trusty *
Mysql-5.5 Ubuntu trusty/esm *
Mysql-5.5 Ubuntu upstream *
Mysql-5.5 Ubuntu utopic *
Mysql-5.6 Ubuntu trusty *
Mysql-5.6 Ubuntu upstream *
Mysql-5.6 Ubuntu utopic *
Mysql-5.6 Ubuntu vivid *
Mysql-5.6 Ubuntu wily *
Mysql-dfsg-5.1 Ubuntu lucid *
Mysql-dfsg-5.1 Ubuntu upstream *
Percona-server-5.6 Ubuntu artful *
Percona-server-5.6 Ubuntu esm-apps/xenial *
Percona-server-5.6 Ubuntu upstream *
Percona-server-5.6 Ubuntu vivid *
Percona-server-5.6 Ubuntu wily *
Percona-server-5.6 Ubuntu xenial *
Percona-server-5.6 Ubuntu yakkety *
Percona-server-5.6 Ubuntu zesty *
Percona-xtradb-cluster-5.5 Ubuntu trusty *
Percona-xtradb-cluster-5.5 Ubuntu upstream *
Percona-xtradb-cluster-5.5 Ubuntu utopic *

Potential Mitigations

References