Количество 13
Количество 13
GHSA-gw5g-54qg-7583
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
CVE-2016-2047
The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...
SUSE-SU-2016:1279-1
Security update for mysql
openSUSE-SU-2016:1332-1
Security update for mysql-community-server
ELSA-2016-0534
ELSA-2016-0534: mariadb security and bug fix update (MODERATE)
openSUSE-SU-2016:1686-1
Security update for mariadb
SUSE-SU-2016:1620-1
Security update for mariadb
SUSE-SU-2016:1619-1
Security update for mariadb
SUSE-RU-2023:4991-1
Recommended update for mariadb104
SUSE-RU-2023:3956-1
Recommended update for mariadb104
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-gw5g-54qg-7583 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | CVSS3: 5.9 | 2% Низкий | больше 3 лет назад |
 | CVE-2016-2047 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | CVSS3: 5.9 | 2% Низкий | больше 9 лет назад |
 | CVE-2016-2047 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | CVSS2: 4.9 | 2% Низкий | больше 9 лет назад |
 | CVE-2016-2047 The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com." | CVSS3: 5.9 | 2% Низкий | больше 9 лет назад |
| CVE-2016-2047 The ssl_verify_server_cert function in sql-common/client.c in MariaDB ... | CVSS3: 5.9 | 2% Низкий | больше 9 лет назад |
 | SUSE-SU-2016:1279-1 Security update for mysql | больше 9 лет назад | ||
| openSUSE-SU-2016:1332-1 Security update for mysql-community-server | больше 9 лет назад | ||
| ELSA-2016-0534 ELSA-2016-0534: mariadb security and bug fix update (MODERATE) | больше 9 лет назад | ||
| openSUSE-SU-2016:1686-1 Security update for mariadb | около 9 лет назад | ||
| SUSE-SU-2016:1620-1 Security update for mariadb | около 9 лет назад | ||
| SUSE-SU-2016:1619-1 Security update for mariadb | около 9 лет назад | ||
| SUSE-RU-2023:4991-1 Recommended update for mariadb104 | больше 1 года назад | ||
| SUSE-RU-2023:3956-1 Recommended update for mariadb104 | почти 2 года назад |
Уязвимостей на страницу