Detections
Analytics
F5 Networks BIG-IP : MySQL vulnerability (K53729441)
medium Nessus Plugin ID 111709
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10;Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a '/CN=' string in a field in a certificate, as demonstrated by '/OU=/CN=bar.com/CN=foo.com.' (CVE-2016-2047)
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K53729441.See Also
Plugin Details
Severity: Medium
ID: 111709
File Name: f5_bigip_SOL53729441.nasl
Version: 1.2
Type: local
Published: 8/15/2018
Updated: 1/4/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Information
CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager
Required KB Items: Host/local_checks_enabled, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version
Patch Publication Date: 7/26/2016
Reference Information
CVE: CVE-2016-2047