ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2016-05-16 10:59
Updated : 2023-11-07 02:28
NVD link : CVE-2015-8838
Mitre link : CVE-2015-8838
CVE.ORG link : CVE-2015-8838
JSON object : View
Products Affected
php
- php
CWE
CWE-284
Improper Access Control