Medium severity5.9NVD Advisory· Published Jul 1, 2017· Updated Jun 17, 2026
CVE-2017-10789
CVE-2017-10789
Description
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: <=4.043
- osv-coords6 versionspkg:rpm/opensuse/perl-DBD-mysql&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-DBD-mysql&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/perl-DBD-mysql&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/perl-DBD-mysql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/perl-DBD-mysql&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/perl-DBD-mysql&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 4.050-2.14+ 5 more
- (no CPE)range: < 4.050-2.14
- (no CPE)range: < 4.008-10.5.1
- (no CPE)range: < 4.021-12.5.2
- (no CPE)range: < 4.008-10.5.1
- (no CPE)range: < 4.021-12.5.2
- (no CPE)range: < 4.008-10.5.1
Patches
Vulnerability mechanics
References
4- www.securityfocus.com/bid/99364nvdThird Party AdvisoryVDB Entry
- github.com/perl5-dbi/DBD-mysql/issues/110nvdThird Party Advisory
- github.com/perl5-dbi/DBD-mysql/pull/114nvdThird Party Advisory
- github.com/perl5-dbi/DBD-mysql/issues/140nvd
News mentions
0No linked articles in our index yet.