PT-2017-5839 · Percona+1 · Percona-Toolkit+1
Publicado
2014-03-06
·
Atualizado
2024-06-15
·
CVE-2014-2029
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Percona Toolkit version 2.1
Description:
The automatic version check functionality in Percona Toolkit allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code. This is possible due to the use of HTTP to download configuration information from v.percona.com, which makes it vulnerable to interception and manipulation.
Recommendations:
For Percona Toolkit version 2.1, consider disabling the automatic version check functionality as a temporary workaround until a patch is available. Restrict access to sensitive information and configuration downloads to minimize the risk of exploitation.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Percona-Toolkit
Suse