CVE-2015-3152
Published
CVSS v3: 5.9 MEDIUM
CVSS v2: 4.3 MEDIUM
Affected: 1 project
Description
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
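The difference between optional and enforced TLS described above, as an added Python model (not code from MySQL, MariaDB or libmysqlclient). `CLIENT_SSL` is the real protocol capability bit the server sets when it offers TLS; the policy names, function names and sample capability values are assumptions made for this illustration.

```python
from enum import Enum

# MySQL client/server protocol capability bit: present in the server's
# initial handshake packet when the server is willing to switch to TLS.
CLIENT_SSL = 0x0800


class SslPolicy(Enum):
    OPTIONAL = "optional"  # how the affected clients interpreted --ssl
    REQUIRED = "required"  # fail closed (name is hypothetical, for this model)


class TlsNotOffered(Exception):
    """Raised when TLS is mandatory but the handshake does not offer it."""


def negotiate(server_capabilities: int, policy: SslPolicy) -> str:
    """Return the transport the client ends up using: 'tls' or 'cleartext'."""
    if server_capabilities & CLIENT_SSL:
        return "tls"
    if policy is SslPolicy.REQUIRED:
        # Enforced mode: abort before any credentials leave the client.
        raise TlsNotOffered("handshake did not advertise TLS")
    # Optional mode: continue unencrypted with no error. The client cannot
    # tell a server without TLS from a handshake that was altered in transit.
    return "cleartext"


def outcome(server_capabilities: int, policy: SslPolicy) -> str:
    """Like negotiate(), but reports a refused connection as 'refused'."""
    try:
        return negotiate(server_capabilities, policy)
    except TlsNotOffered:
        return "refused"


# Constructed sample capability words (not captured from a real server).
CAPS_WITH_TLS = 0xFFFF
CAPS_WITHOUT_TLS = 0xF7FF  # same word with the CLIENT_SSL bit clear

if __name__ == "__main__":
    for caps in (CAPS_WITH_TLS, CAPS_WITHOUT_TLS):
        for policy in SslPolicy:
            print(f"caps=0x{caps:04X} policy={policy.value}: {outcome(caps, policy)}")
```

Only the enforced policy turns a handshake without the TLS bit into a connection failure; the optional policy produces a working cleartext session, so nothing prompts the user to notice.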
MySQL Server, the world's most popular open source database, and MySQL Cluster, a real-time, open source transactional database.