CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2015-4752 – mysql: unspecified vulnerability related to Server:I_S (CPU July 2015)
https://notcve.org/view.php?id=CVE-2015-4752
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.43 y anteriores y 5.6.24 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : I_S. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1630.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3308 http://www.debian.org/security/2015/dsa-3311 http:// •
CVSS: 5.9EPSS: 0%CPEs: 27EXPL: 1CVE-2015-3152 – mysql: use of SSL/TLS can not be enforced in mysql client library (oCERT-2015-003, BACKRONYM)
https://notcve.org/view.php?id=CVE-2015-3152
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. Oracle MySQL en versiones anteriores a 5.7.3, Oracle MySQL Connector/C (también conocido como libmysqlclient) en versiones anteriores a 6.1.3 y MariaDB en versiones anteriores a 5.5.44 utiliza la opción --ssl significa que SSL es opcional, lo que permite a atacantes man-in-the-middle suplantar servidores a través de un ataque de degradación de texto plano, también conocida como un ataque "BACKRONYM". It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the "--ssl" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html http://rhn.redhat.com/errata/RHSA-2015-1646.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn& • CWE-295: Improper Certificate Validation •