PT-2017-11505 · Mysql Server+3 · Dbd::Mysql+3

Pali

Publicado

2017-07-01

Atualizado

2025-04-07

CVE-2017-10789

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions DBD::mysql versions through 4.043

Description The issue allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack. This occurs because the mysql ssl=1 setting is used to mean that SSL is optional, despite the documentation stating that communication with the server will be encrypted.

Recommendations For DBD::mysql versions through 4.043, consider disabling the use of the mysql ssl=1 setting until a patch is available, and instead, enforce SSL encryption for all connections to prevent cleartext-downgrade attacks.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2018-1256

CVE-2017-10789

DLA-1079-1

MGASA-2018-0031

MGASA-2018-0283

OPENSUSE-SU-2018_1463-1

OPENSUSE-SU-2024:11160-1

SUSE-SU-2018:1449-1

SUSE-SU-2018:1450-1

USN-5344-1

USN-7417-1

Produtos afetados

Alt Linux

Dbd::Mysql

Suse

Ubuntu

PT-2017-11505 · Mysql Server+3 · Dbd::Mysql+3

CVE-2017-10789

Identificadores relacionados

Produtos afetados

Referências · 39