VYPR
Medium severity5.9NVD Advisory· Published May 16, 2016· Updated Jun 17, 2026

CVE-2015-3152

CVE-2015-3152

Description

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

45

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.