Medium severity5.9NVD Advisory· Published Sep 29, 2017· Updated May 13, 2026

CVE-2015-1027

Description

The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.

Affected products

Percona/Toolkit
cpe:2.3:a:percona:toolkit:*:*:*:*:*:*:*:*
Range: <=2.2.12
Percona/Xtrabackup
cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*
Range: <=2.2.8

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/nvdExploitMitigationVendor Advisory
bugs.launchpad.net/percona-toolkit/+bug/1408375nvdIssue TrackingThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000