Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Certificate Validation Vulnerability - CVE-2015-3152 - Vulnerability Database
PHP

PHP Improper Certificate Validation Vulnerability - CVE-2015-3152

Medium
Reference: CVE-2015-3152
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3152
Title: PHP Improper Certificate Validation Vulnerability
Overview:

Oracle MySQL before 5.7.3 Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3 and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack aka a quotBACKRONYMquot attack.