CVE-2015-1027
CVE-2015-1027 is a vulnerability of currently unknown severity. The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Percona | Toolkit | <= 2.2.12 |
| Percona | Xtrabackup | <= 2.2.8 |
References
- https://bugs.launchpad.net/percona-toolkit/+bug/1408375 (Issue Tracking, Third Party Advisory)
- https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/ (Exploit, Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
