CVE-2015-1027

EUVD-2015-1171
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
perconatoolkit
𝑥
≤ 2.2.12
perconaxtrabackup
𝑥
≤ 2.2.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
percona-toolkit
bookworm
3.2.1-1
fixed
bullseye
3.2.1-1
fixed
sid
3.2.1-1
fixed
trixie
3.2.1-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
percona-toolkit
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
dne
precise
ignored
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
percona-xtrabackup
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
lucid
dne
precise
dne
trusty
dne
utopic
ignored
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
https://bugs.launchpad.net/percona-toolkit/+bug/1408375
https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/
https://bugs.launchpad.net/percona-toolkit/+bug/1408375
https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/