The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and man-in-the-middle attacks. An attacker could modify the server response to deliver a modified command payload, causing the client to return additional running configuration information and disclosing the running configuration of MySQL.
References
| Link | Resource |
|---|---|
| https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | Issue Tracking, Third Party Advisory |
| https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/ | Exploit, Mitigation, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-28T19:00:00
Updated: 2017-09-28T18:57:02
Reserved: 2015-01-10T00:00:00
Link: CVE-2015-1027
NVD Information
Status: Analyzed
Published: 2017-09-29T01:34:47.907
Modified: 2017-10-10T11:56:09.433
Link: CVE-2015-1027
Redhat Information
No data.
CWE