Vulnerability Name:
CVE-2009-4833 (CCN-51406)
Assigned:
2009-06-17
Published:
2009-06-17
Updated:
2017-08-17
Summary:
MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
5.8 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
)
4.3 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
Partial
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
)
3.7 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-20
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: MySQL Bugs: #38700
SSL Certificate Validation is Missing, Causing Security Vulnerability
Source: CONFIRM
Type: Exploit, Patch
http://bugs.mysql.com/bug.php?id=38700
Source: MITRE
Type: CNA
CVE-2009-4833
Source: CCN
Type: MySQL SVN Repository
MySQL
Source: CCN
Type: SA35597
Sun Java Web Console Cross-Site Scripting Vulnerabilities
Source: CCN
Type: SA35604
MySQL Connector/NET Certificate Verification Security Issue
Source: SECUNIA
Type: Vendor Advisory
35604
Source: CCN
Type: SECTRACK ID: 1022482
MySQL Connector/Net is Missing SSL Certificate Validation
Source: CCN
Type: OSVDB ID: 55566
MySQL Connector/NET SSL Certificate Verification Weakness
Source: BID
Type: UNKNOWN
35514
Source: CCN
Type: BID-35514
MySQL Connector/Net SSL Certificate Validation Security Bypass Vulnerability
Source: SECTRACK
Type: UNKNOWN
1022482
Source: XF
Type: UNKNOWN
mysql-ssl-spoofing(51406)
Source: XF
Type: UNKNOWN
mysql-ssl-spoofing(51406)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:oracle:mysql_connector/net:6.0.0:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql_connector/net:6.0.1:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql_connector/net:6.0.2:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql_connector/net:*:*:*:*:*:*:*:*
(Version <= 6.0.3)
Configuration CCN 1
:
cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.18:*:*:*:*:*:*:*
OR
cpe:/a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.23:bk:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.44:-:*:*:*:*:*:*
OR
cpe:/a:mysql:mysql:5.0.51:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.10:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.11:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.12:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.13:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.14:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.15:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.16:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.17:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.19:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.1:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.20:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.21:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.22:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.27:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.33:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.37:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.3:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.4:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.6:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.7:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.8:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.9:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.23:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
OR
cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
OR
cpe:/a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.51a:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.30:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.36:-:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.24:a:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.0.51:b:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.30:*:*:*:*:*:*:*
OR
cpe:/a:oracle:mysql:5.1.32:bzr:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
oracle
mysql connector/net 6.0.0
oracle
mysql connector/net 6.0.1
oracle
mysql connector/net 6.0.2
oracle
mysql connector/net *
mysql
mysql 5.0
mysql
mysql 5.0.18
mysql
mysql 5.0.5.0.21
mysql
mysql 5.1.23_bk
mysql
mysql 5.0.44
mysql
mysql 5.0.51
mysql
mysql 5.0.0
mysql
mysql 5.0.0.0
mysql
mysql 5.0.0 alpha
mysql
mysql 5.0.1
mysql
mysql 5.0.10
mysql
mysql 5.0.10a
mysql
mysql 5.0.11
mysql
mysql 5.0.12
mysql
mysql 5.0.13
mysql
mysql 5.0.14
mysql
mysql 5.0.15
mysql
mysql 5.0.15a
mysql
mysql 5.0.16
mysql
mysql 5.0.16a
mysql
mysql 5.0.17
mysql
mysql 5.0.17a
mysql
mysql 5.0.19
mysql
mysql 5.0.1a
mysql
mysql 5.0.2
mysql
mysql 5.0.20
mysql
mysql 5.0.20a
mysql
mysql 5.0.21
mysql
mysql 5.0.22
mysql
mysql 5.0.24
mysql
mysql 5.0.27
mysql
mysql 5.0.3
mysql
mysql 5.0.3 beta
mysql
mysql 5.0.33
mysql
mysql 5.0.37
mysql
mysql 5.0.3a
mysql
mysql 5.0.4
mysql
mysql 5.0.41
mysql
mysql 5.0.4a
mysql
mysql 5.0.5
mysql
mysql 5.0.6
mysql
mysql 5.0.7
mysql
mysql 5.0.8
mysql
mysql 5.0.9
mysql
mysql 5.1.1
mysql
mysql 5.1.10
mysql
mysql 5.1.11
mysql
mysql 5.1.12
mysql
mysql 5.1.13
mysql
mysql 5.1.14
mysql
mysql 5.1.15
mysql
mysql 5.1.16
mysql
mysql 5.1.17
mysql
mysql 5.1.2
mysql
mysql 5.1.23
mysql
mysql 5.1.3
mysql
mysql 5.1.4
mysql
mysql 5.1.5
mysql
mysql 5.1.6
mysql
mysql 5.1.7
mysql
mysql 5.1.8
mysql
mysql 5.1.9
mysql
mysql 5.0.22.1.0.1
mysql
mysql 5.1
mysql
mysql 5.0.51a
mysql
mysql 5.0.30 sp1
mysql
mysql 5.0.50
mysql
mysql 5.0.45
mysql
mysql 5.0.30
mysql
mysql 5.0.42
mysql
mysql 5.0.23
mysql
mysql 5.0.38
mysql
mysql 5.0.36
mysql
mysql 5.0.32
mysql
mysql 5.0.25
mysql
mysql 5.0.24a
mysql
mysql 5.0.51b
mysql
mysql 5.1.30
mysql
mysql 5.1.32-bzr
Denotes that component is vulnerable