Tag - CVE-2015-1027

Percona Security Advisory CVE-2015-1027

Contents

Summary
Analysis
Mitigating factors
P.O.C
Acknowledgments

Summary
During a code audit performed internally at Percona, we discovered a
viable information disclosure attack when coupled with a MITM attack
in which percona-toolkit and xtrabackup perl components could be
coerced into returning additional MySQL configuration information.
The vulnerability has since been closed.
Timeline
2014-12-16 Initial research, proof of concept exploitation and report completion
2015-01-07 CVE reservation request to Mitre, […]

Read more