CVE-2009-4833 - Vulnerability Details - OpenCVE

MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Mysql Connector\/net

Configuration 1 [-]

OR	cpe:2.3:a:oracle:mysql_connector\/net::::::::
	cpe:2.3:a:oracle:mysql_connector\/net:6.0.0:::::::*
	cpe:2.3:a:oracle:mysql_connector\/net:6.0.1:::::::*
	cpe:2.3:a:oracle:mysql_connector\/net:6.0.2:::::::*

No data.

References

Link	Providers
http://bugs.mysql.com/bug.php?id=38700
http://secunia.com/advisories/35604
http://www.securityfocus.com/bid/35514
http://www.securitytracker.com/id?1022482
https://exchange.xforce.ibmcloud.com/vulnerabilities/51406

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-04-29T19:00:00

Updated: 2024-08-07T07:17:25.992Z

Reserved: 2010-04-29T00:00:00

Link: CVE-2009-4833

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-04-29T19:30:00.510

Modified: 2025-04-11T00:51:21.963

Link: CVE-2009-4833

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-17T00:00:00", "descriptions": [{"lang": "en", "value": "MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1022482", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022482"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.mysql.com/bug.php?id=38700"}, {"name": "35514", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35514"}, {"name": "35604", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35604"}, {"name": "mysql-ssl-spoofing(51406)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51406"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4833", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1022482", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022482"}, {"name": "http://bugs.mysql.com/bug.php?id=38700", "refsource": "CONFIRM", "url": "http://bugs.mysql.com/bug.php?id=38700"}, {"name": "35514", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35514"}, {"name": "35604", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35604"}, {"name": "mysql-ssl-spoofing(51406)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51406"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:17:25.992Z"}, "title": "CVE Program Container", "references": [{"name": "1022482", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022482"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.mysql.com/bug.php?id=38700"}, {"name": "35514", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35514"}, {"name": "35604", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35604"}, {"name": "mysql-ssl-spoofing(51406)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51406"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4833", "datePublished": "2010-04-29T19:00:00", "dateReserved": "2010-04-29T00:00:00", "dateUpdated": "2024-08-07T07:17:25.992Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:mysql_connector\\/net:*:*:*:*:*:*:*:*", "matchCriteriaId": "6018C43F-C3C2-4A11-ADB1-930AE0DC4184", "versionEndIncluding": "6.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_connector\\/net:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB9E9F13-1D4C-4649-8549-5B2D74FEF6BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_connector\\/net:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "73FF69A8-A213-4D06-B071-BA539CFC7E5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_connector\\/net:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C913DCAC-55B3-45F7-A984-B904B22ED5B1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate."}, {"lang": "es", "value": "MySQL Connector/NET anterior a v6.0.4, cuando se utiliza encriptaci\u00f3n, no verificar los certificados SSL durante la conexi\u00f3n, lo cual permite a atacantes remotos llevar a cabo un ataque \"man-in-the-middle\" (hombre en el medio) con un certificado SSL falso."}], "id": "CVE-2009-4833", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-04-29T19:30:00.510", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://bugs.mysql.com/bug.php?id=38700"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35604"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35514"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022482"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://bugs.mysql.com/bug.php?id=38700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35514"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022482"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51406"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}