CVE-2015-1027

Опубликовано: 29 сент. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

CVSS3: 5.9

Описание

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	2.2.13-1
cosmic	not-affected	2.2.13-1
devel	not-affected	2.2.13-1
disco	not-affected	2.2.13-1
esm-apps/bionic	not-affected	2.2.13-1
esm-apps/xenial	not-affected	2.2.13-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
lucid	DNE
precise	ignored	end of life

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	2.3.7-0ubuntu0.16.04.2
cosmic	not-affected	2.3.7-0ubuntu0.16.04.2
devel	not-affected	2.3.7-0ubuntu0.16.04.2
disco	not-affected	2.3.7-0ubuntu0.16.04.2
esm-apps/bionic	not-affected	2.3.7-0ubuntu0.16.04.2
esm-apps/xenial	not-affected	2.3.7-0ubuntu0.16.04.2
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
lucid	DNE
precise	DNE

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2015-1027

EPSS

Процентиль: 50%

0.00264

Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2015-1027

CVSS3: 5.9

nvd

больше 8 лет назад

CVE-2015-1027

CVSS3: 5.9

debian

больше 8 лет назад

The version checking subroutine in percona-toolkit before 2.2.13 and x ...

GHSA-6q75-456q-rjf2

CVSS3: 5.9

github

больше 3 лет назад

EPSS

Процентиль: 50%

0.00264

Низкий

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2015-1027

Описание

Пакет percona-toolkit

Пакет percona-xtrabackup

Ссылки на источники

Связанные уязвимости