PT-2017-6471 · Percona+1 · Percona-Toolkit+2

David Busby · Published 2017-09-28 · Updated 2024-06-15 · CVE-2015-1027

CVSS v3.1: 5.9 Medium

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

percona-toolkit versions prior to 2.2.13
xtrabackup versions prior to 2.2.9

Description

The issue allows for silent HTTP downgrade attacks and Man In The Middle attacks. In these attacks, the server response can be modified, enabling the attacker to respond with a modified command payload. This can lead to the client returning additional running configuration information, resulting in an information disclosure of the running configuration of MySQL.

Recommendations

For percona-toolkit versions prior to 2.2.13, update to version 2.2.13 or later.
For xtrabackup versions prior to 2.2.9, update to version 2.2.9 or later.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2015-1027
OPENSUSE-SU-2024:10095-1
OPENSUSE-SU-2024:10120-1

Affected Products

Mysql Server
Percona-Toolkit
Xtrabackup