CVE-2015-3152
medium
CVSS v3
5.9
CVSS v4 NEW
n/a
VIR risk
5.9
Description
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Predictions
Exploit likelihood
69%
Patch ETA
n/a
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | 8.0 | affected | |
| fedora | 21 | affected | |
| fedora | 22 | affected | |
| rhel | 7.0 | affected | |
| rhel | 7.1 | affected | |
| rhel | 7.2 | affected | |
| rhel | 7.3 | affected | |
| rhel | 7.4 | affected | |
| rhel | 7.5 | affected | |
| rhel | 7.6 | affected | |
| rhel | 7.7 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| oracle | mysql | up to and including 5.7.2 | |
| oracle | mysql_connector/c | up to and including 6.1.2 | |
| mariadb | mariadb | 5.5.0 up to (excluding) 5.5.44 | 5.5.44 |
| php | php | 5.4.0 up to (excluding) 5.4.43 | 5.4.43 |
| mariadb | mariadb | 10.0.0 up to (excluding) 10.0.20 | 10.0.20 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html
- http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
- http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
- http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
- http://rhn.redhat.com/errata/RHSA-2015-1646.html
- http://rhn.redhat.com/errata/RHSA-2015-1647.html
- http://rhn.redhat.com/errata/RHSA-2015-1665.html
- http://www.debian.org/security/2015/dsa-3311
- http://www.ocert.org/advisories/ocert-2015-003.html
- http://www.securityfocus.com/archive/1/535397/100/1100/threaded
- http://www.securityfocus.com/bid/74398
- http://www.securitytracker.com/id/1032216
- https://access.redhat.com/security/cve/cve-2015-3152
- https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
- https://jira.mariadb.org/browse/MDEV-7937
- https://www.duosecurity.com/blog/backronym-mysql-vulnerability
CWEs
CWE-295