Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for mysql_connector\/c by oracle

    CVE-2017-3635 (GCVE-0-2017-3635)

    Vulnerability from nvd – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:03
    VLAI
    Summary
    Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/99730 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038928 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3922 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Server Affected: 5.5.56 and earlier
    Affected: 5.6.36 and earlier
    Affected: 5.7.18 and earlier
    Create a notification for this product.
    Date Public
    2017-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:58.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99730",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99730"
              },
              {
                "name": "1038928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038928"
              },
              {
                "name": "DSA-3922",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3922"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:48:25.996102Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T17:03:12.243Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Server",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5.56 and earlier"
                },
                {
                  "status": "affected",
                  "version": "5.6.36 and earlier"
                },
                {
                  "status": "affected",
                  "version": "5.7.18 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-07T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "99730",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99730"
            },
            {
              "name": "1038928",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038928"
            },
            {
              "name": "DSA-3922",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3922"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3635",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MySQL Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "5.5.56 and earlier"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.6.36 and earlier"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.7.18 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99730",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99730"
                },
                {
                  "name": "1038928",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038928"
                },
                {
                  "name": "DSA-3922",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3922"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3635",
        "datePublished": "2017-08-08T15:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-04T17:03:12.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3152 (GCVE-0-2015-3152)

    Vulnerability from nvd – Published: 2016-05-16 10:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
              },
              {
                "name": "74398",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74398"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2015-3152"
              },
              {
                "name": "RHSA-2015:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
              },
              {
                "name": "DSA-3311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3311"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
              },
              {
                "name": "RHSA-2015:1647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
              },
              {
                "name": "1032216",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032216"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.mariadb.org/browse/MDEV-7937"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2015-003.html"
              },
              {
                "name": "FEDORA-2015-10831",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
              },
              {
                "name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
              },
              {
                "name": "FEDORA-2015-10849",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
              },
              {
                "name": "RHSA-2015:1665",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
            },
            {
              "name": "74398",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74398"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2015-3152"
            },
            {
              "name": "RHSA-2015:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
            },
            {
              "name": "DSA-3311",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3311"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
            },
            {
              "name": "RHSA-2015:1647",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
            },
            {
              "name": "1032216",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032216"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.mariadb.org/browse/MDEV-7937"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2015-003.html"
            },
            {
              "name": "FEDORA-2015-10831",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
            },
            {
              "name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
            },
            {
              "name": "FEDORA-2015-10849",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
            },
            {
              "name": "RHSA-2015:1665",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-3152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
                },
                {
                  "name": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/",
                  "refsource": "CONFIRM",
                  "url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
                },
                {
                  "name": "74398",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74398"
                },
                {
                  "name": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2015-3152",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/security/cve/cve-2015-3152"
                },
                {
                  "name": "RHSA-2015:1646",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
                },
                {
                  "name": "DSA-3311",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3311"
                },
                {
                  "name": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/",
                  "refsource": "MISC",
                  "url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
                },
                {
                  "name": "RHSA-2015:1647",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
                },
                {
                  "name": "1032216",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032216"
                },
                {
                  "name": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
                },
                {
                  "name": "https://jira.mariadb.org/browse/MDEV-7937",
                  "refsource": "CONFIRM",
                  "url": "https://jira.mariadb.org/browse/MDEV-7937"
                },
                {
                  "name": "http://www.ocert.org/advisories/ocert-2015-003.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2015-003.html"
                },
                {
                  "name": "FEDORA-2015-10831",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
                },
                {
                  "name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
                },
                {
                  "name": "FEDORA-2015-10849",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
                },
                {
                  "name": "RHSA-2015:1665",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3152",
        "datePublished": "2016-05-16T10:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3635 (GCVE-0-2017-3635)

    Vulnerability from cvelistv5 – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:03
    VLAI
    Summary
    Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/99730 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038928 vdb-entryx_refsource_SECTRACK
    http://www.debian.org/security/2017/dsa-3922 vendor-advisoryx_refsource_DEBIAN
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Oracle Corporation MySQL Server Affected: 5.5.56 and earlier
    Affected: 5.6.36 and earlier
    Affected: 5.7.18 and earlier
    Create a notification for this product.
    Date Public
    2017-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:30:58.980Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99730",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99730"
              },
              {
                "name": "1038928",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038928"
              },
              {
                "name": "DSA-3922",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2017/dsa-3922"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-3635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:48:25.996102Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T17:03:12.243Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MySQL Server",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5.56 and earlier"
                },
                {
                  "status": "affected",
                  "version": "5.6.36 and earlier"
                },
                {
                  "status": "affected",
                  "version": "5.7.18 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-07T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "99730",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99730"
            },
            {
              "name": "1038928",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038928"
            },
            {
              "name": "DSA-3922",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3922"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-3635",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "MySQL Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "5.5.56 and earlier"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.6.36 and earlier"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.7.18 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html,  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and  https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99730",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99730"
                },
                {
                  "name": "1038928",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038928"
                },
                {
                  "name": "DSA-3922",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2017/dsa-3922"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-3635",
        "datePublished": "2017-08-08T15:00:00.000Z",
        "dateReserved": "2016-12-06T00:00:00.000Z",
        "dateUpdated": "2024-10-04T17:03:12.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-3152 (GCVE-0-2015-3152)

    Vulnerability from cvelistv5 – Published: 2016-05-16 10:00 – Updated: 2024-08-06 05:39
    VLAI
    Summary
    Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-07-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:39:32.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
              },
              {
                "name": "74398",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/74398"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2015-3152"
              },
              {
                "name": "RHSA-2015:1646",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
              },
              {
                "name": "DSA-3311",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3311"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
              },
              {
                "name": "RHSA-2015:1647",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
              },
              {
                "name": "1032216",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032216"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.mariadb.org/browse/MDEV-7937"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ocert.org/advisories/ocert-2015-003.html"
              },
              {
                "name": "FEDORA-2015-10831",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
              },
              {
                "name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
              },
              {
                "name": "FEDORA-2015-10849",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
              },
              {
                "name": "RHSA-2015:1665",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
            },
            {
              "name": "74398",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/74398"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2015-3152"
            },
            {
              "name": "RHSA-2015:1646",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
            },
            {
              "name": "DSA-3311",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3311"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
            },
            {
              "name": "RHSA-2015:1647",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
            },
            {
              "name": "1032216",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032216"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.mariadb.org/browse/MDEV-7937"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ocert.org/advisories/ocert-2015-003.html"
            },
            {
              "name": "FEDORA-2015-10831",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
            },
            {
              "name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
            },
            {
              "name": "FEDORA-2015-10849",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
            },
            {
              "name": "RHSA-2015:1665",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2015-3152",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html"
                },
                {
                  "name": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/",
                  "refsource": "CONFIRM",
                  "url": "http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/"
                },
                {
                  "name": "74398",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/74398"
                },
                {
                  "name": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2015-3152",
                  "refsource": "CONFIRM",
                  "url": "https://access.redhat.com/security/cve/cve-2015-3152"
                },
                {
                  "name": "RHSA-2015:1646",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1646.html"
                },
                {
                  "name": "DSA-3311",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3311"
                },
                {
                  "name": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/",
                  "refsource": "MISC",
                  "url": "http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/"
                },
                {
                  "name": "RHSA-2015:1647",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1647.html"
                },
                {
                  "name": "1032216",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032216"
                },
                {
                  "name": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability",
                  "refsource": "MISC",
                  "url": "https://www.duosecurity.com/blog/backronym-mysql-vulnerability"
                },
                {
                  "name": "https://jira.mariadb.org/browse/MDEV-7937",
                  "refsource": "CONFIRM",
                  "url": "https://jira.mariadb.org/browse/MDEV-7937"
                },
                {
                  "name": "http://www.ocert.org/advisories/ocert-2015-003.html",
                  "refsource": "MISC",
                  "url": "http://www.ocert.org/advisories/ocert-2015-003.html"
                },
                {
                  "name": "FEDORA-2015-10831",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html"
                },
                {
                  "name": "20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535397/100/1100/threaded"
                },
                {
                  "name": "FEDORA-2015-10849",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html"
                },
                {
                  "name": "RHSA-2015:1665",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-1665.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-3152",
        "datePublished": "2016-05-16T10:00:00.000Z",
        "dateReserved": "2015-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:39:32.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }