CVE-2017-10789

Published: 01 Jul 2017
Source: redhat
CVSS3: 6.8
EPSS: Low

Description

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

Report

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | perl-DBD-MySQL | Will not fix | | |
| Red Hat Enterprise Linux 6 | perl-DBD-MySQL | Will not fix | | |
| Red Hat Enterprise Linux 7 | perl-DBD-MySQL | Will not fix | | |
| Red Hat Software Collections | rh-perl520-perl-DBD-MySQL | Will not fix | | |
| Red Hat Software Collections | rh-perl524-perl-DBD-MySQL | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-300
https://bugzilla.redhat.com/show_bug.cgi?id=1467606 perl-DBD-MySQL: Possible MITM attack when mysql_ssl=1

EPSS

Percentile: 49%
0.00256
Low

6.8 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.9
ubuntu
more than 8 years ago

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

CVSS3: 5.9
nvd
more than 8 years ago

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

CVSS3: 5.9
debian
more than 8 years ago

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 sett ...

CVSS3: 5.9
github
more than 3 years ago

The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

suse-cvrf
more than 7 years ago

Security update for perl-DBD-mysql
