CVE-2016-2047
published 2016-01-27CVE-2016-2047: The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and…
medium5.9CVSS 3.0
AVNACHPRNUINSUCNIHAN
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| mariadb | mariadb | >= 10.0.0 < 10.0.23 | 10.0.23 |
| mariadb | mariadb | >= 10.1.0 < 10.1.10 | 10.1.10 |
| mariadb | mariadb | >= 5.5.20 < 5.5.47 | 5.5.47 |
| opensuse | leap | — | — |
| oracle | linux | — | — |
| oracle | mysql | 5.5.0 – 5.5.48 | — |
| oracle | mysql | 5.6.0 – 5.6.29 | — |
| oracle | mysql | 5.7.0 – 5.7.11 | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM