CVE-2016-2047 in MySQL Server정보

요약

\~에 의해 MITRE

The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2016. 01. 22.

공개

2016. 01. 27.

모더레이션

수락

항목

연결하다

보여 주다

CPE

준비됨

CWE

CWE-254 (확인됨)

CVSS

5.9 (NVD)

EPSS

0.03772

KEV

아니요

활동

매우 낮음

부문

Pharma, Industry, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2047
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2047
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2047/

◂ 이전 개요 다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!