Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 3.6
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
An unspecified vulnerability in the MySQL Client component in Oracle MySQL 5.7.2 and earlier allows an attacker to downgrade MySQL SSL/TLS connections, snoop database queries and results, or directly manipulate database contents. (CVE-2015-3152)
Although the BIG-IP system includes the vulnerable components, the vulnerability is not exposed in a standard configuration. The MySQL Client could be used to initiate SSL/TLS connections from the BIG-IP CLI to a remote database. The built-in BIG-IP MySQL monitor does not support SSL/TLS. However, a custom External Application Verification (EAV) monitor could be written to use MySQL with SSL/TLS.
In a standard/default configuration, the BIG-IP system is not vulnerable.
Note: Enterprise Manager does not support the configuration of EAV monitors.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16845.