[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2015-1027

Date: (C)2017-10-04   (M)2017-10-12 


The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: NONE





Reference:
https://bugs.launchpad.net/percona-toolkit/+bug/1408375
https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/

CWE    1
CWE-200

© 2013 SecPod Technologies