Test ID:	1.3.6.1.4.1.25623.1.0.806678
Category:	Databases
Title:	MariaDB MITM Vulnerability (MDEV-9212) - Windows
Summary:	MariaDB is prone to a man-in-the-middle (MITM) vulnerability.
Description:	Summary: MariaDB is prone to a man-in-the-middle (MITM) vulnerability. Vulnerability Insight: The flaw exists due to error within 'ssl_verify_server_cert' function which does improper verification of the server hostname in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. Vulnerability Impact: Successful exploitation will allow a remote attacker to conduct a MITM attack. Affected Software/OS: MariaDB before versions 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10. Solution: Update to version 5.5.47, 10.0.23, 10.1.10 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2047 BugTraq ID: 81810 http://www.securityfocus.com/bid/81810 Debian Security Information: DSA-3453 (Google Search) http://www.debian.org/security/2016/dsa-3453 Debian Security Information: DSA-3557 (Google Search) http://www.debian.org/security/2016/dsa-3557 http://www.openwall.com/lists/oss-security/2016/01/26/3 RedHat Security Advisories: RHSA-2016:0534 http://rhn.redhat.com/errata/RHSA-2016-0534.html RedHat Security Advisories: RHSA-2016:0705 http://rhn.redhat.com/errata/RHSA-2016-0705.html RedHat Security Advisories: RHSA-2016:1132 https://access.redhat.com/errata/RHSA-2016:1132 RedHat Security Advisories: RHSA-2016:1480 http://rhn.redhat.com/errata/RHSA-2016-1480.html RedHat Security Advisories: RHSA-2016:1481 http://rhn.redhat.com/errata/RHSA-2016-1481.html http://www.securitytracker.com/id/1035606 SuSE Security Announcement: SUSE-SU-2016:1279 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html SuSE Security Announcement: SUSE-SU-2016:1619 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html SuSE Security Announcement: SUSE-SU-2016:1620 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html SuSE Security Announcement: openSUSE-SU-2016:1332 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html SuSE Security Announcement: openSUSE-SU-2016:1664 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html SuSE Security Announcement: openSUSE-SU-2016:1686 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://www.ubuntu.com/usn/USN-2953-1 http://www.ubuntu.com/usn/USN-2954-1
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.