CVE-2015-3152

MEDIUM

Oracle MySQL <5.7.3 & MariaDB <5.5.44 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3152. PoCs published by duo-labs.

AI-analyzed exploit summary This is a Python-based proof-of-concept tool that demonstrates a man-in-the-middle (MITM) attack against MySQL traffic to strip SSL/TLS encryption, exploiting CVE-2015-3152. It intercepts and forwards MySQL protocol traffic while downgrading secure connections.

Description

Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.

Exploits (1)

nomisec WORKING POC 43 stars
by duo-labs · poc
https://github.com/duo-labs/mysslstrip

This is a Python-based proof-of-concept tool that demonstrates a man-in-the-middle (MITM) attack against MySQL traffic to strip SSL/TLS encryption, exploiting CVE-2015-3152. It intercepts and forwards MySQL protocol traffic while downgrading secure connections.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: MySQL 5.7.2 and earlier, MySQL Connector 6.1.2 and earlier, Percona Server, MariaDB
No auth needed
Prerequisites: Network access to intercept MySQL traffic · MySQL client attempting to use SSL/TLS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74398
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/cve/cve-2015-3152
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1646.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3311
Exploit, Third Party Advisory x_refsource_misc
http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1647.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032216
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.mariadb.org/browse/MDEV-7937
Vendor Advisory x_refsource_misc
http://www.ocert.org/advisories/ocert-2015-003.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535397/100/1100/threaded
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1665.html

Scores

CVSS v3 5.9
EPSS 0.3969
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-295
Status published
Products (24)
debian/debian_linux 8.0
fedoraproject/fedora 21
fedoraproject/fedora 22
mariadb/mariadb 5.5.0 - 5.5.44
oracle/mysql < 5.7.2
oracle/mysql_connector\/c < 6.1.2
php/php 5.4.0 - 5.4.43
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_eus 7.1
redhat/enterprise_linux_eus 7.2
... and 14 more
Published May 16, 2016
Tracked Since Feb 18, 2026