Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Access Control Vulnerability - CVE-2015-8838 - Vulnerability Database
PHP

PHP Improper Access Control Vulnerability - CVE-2015-8838

Medium
Reference: CVE-2015-8838
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-8838
Title: PHP Improper Access Control Vulnerability
Overview:

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43 5.5.x before 5.5.27 and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack a related issue to CVE-2015-3152.