CVE-2017-10789 — Channel Accessible by Non-Endpoint in Project Dbd-mysql

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.3% (top 50.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jul 1
Latest update: Apr 7

Description

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 1 package

Vulnerability Details (5)

OSV: libdbd-mysql-perl vulnerabilities (2025-04-07)
GHSA: GHSA-4384-9v4p-2vmf: The DBD::mysql module through 4 (2022-05-13)
OSV: libdbd-mysql-perl vulnerabilities (2022-04-01)
CVEList: CVE-2017-10789: The DBD::mysql module through 4 (2017-07-01)
OSV: CVE-2017-10789: The DBD::mysql module through 4 (2017-07-01)

Vendor Advisories (4)

Ubuntu: libdbd-mysql-perl vulnerabilities (2025-04-07)
Ubuntu: DBD::mysql vulnerabilities (2022-04-01)
Red Hat: perl-DBD-MySQL: Possible MITM attack when mysql_ssl=1 (2017-07-01)
Debian: CVE-2017-10789: libdbd-mysql-perl - The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mea... (2017)

Community (2)

Bugzilla: CVE-2017-10789 perl-DBD-MySQL: Possible MITM attack when mysql_ssl=1 (2017-07-04)
Bugzilla: CVE-2017-10788 CVE-2017-10789 perl-DBD-MySQL: various flaws [fedora-all] (2017-07-04)

CVE-2017-10789 — Channel Accessible by Non-Endpoint | cvebase