Oracle MySQL SSL certificate verification Security Restriction Bypass Vulnerability (CVE-2015-3152)
Oracle MySQL SSL certificate verification Security Restriction Bypass Vulnerability (CVE-2015-3152)
Release date:
Updated on:
Affected Systems:
Oracle MySQL Server <= 5.7.2
Description:
Bugtraq id: 74398
CVE (CAN) ID: CVE-2015-3152
Oracle MySQL Server is a lightweight relational database system.
Oracle MySQL Server <= 5.7.2 has the Security Restriction Bypass Vulnerability. the mysql client library cannot implement ssl/tls connections, which can cause man-in-the-middle attacks and malicious degradation.
<* Source: Adam Goodman
*>
Suggestion:
Vendor patch:
Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390
Http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-3.html
This article permanently updates the link address: