
CVE ID: CVE-2016-2047
Description: The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/"
Test IDs:  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-2047
BugTraq ID: 81810
Debian Security Information: DSA-3453
Debian Security Information: DSA-3557
RedHat Security Advisories: RHSA-2016:0534
RedHat Security Advisories: RHSA-2016:0705
RedHat Security Advisories: RHSA-2016:1132
RedHat Security Advisories: RHSA-2016:1480
RedHat Security Advisories: RHSA-2016:1481
SuSE Security Announcement: SUSE-SU-2016:1279
SuSE Security Announcement: SUSE-SU-2016:1619
SuSE Security Announcement: SUSE-SU-2016:1620
SuSE Security Announcement: openSUSE-SU-2016:1332
SuSE Security Announcement: openSUSE-SU-2016:1664
SuSE Security Announcement: openSUSE-SU-2016:1686

© 1998-2021 E-Soft Inc. All rights reserved.