{"id":"CVE-2016-2047","details":"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"","modified":"2026-05-15T12:01:01.448663724Z","published":"2016-01-27T20:59:05.610Z","related":["SUSE-RU-2023:3956-1","SUSE-RU-2023:4991-1","SUSE-SU-2016:1279-1","SUSE-SU-2016:1619-1","SUSE-SU-2016:1620-1","openSUSE-SU-2024:10200-1","openSUSE-SU-2024:11038-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"15.10"},{"last_affected":"16.04"}],"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"],"vendor_product":"canonical:ubuntu_linux","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"8.0"},{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_FIELD"},{"cpes":["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"42.1"}],"vendor_product":"opensuse:leap","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"7"}],"cpes":["cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"],"vendor_product":"oracle:linux","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redh
at:enterprise_linux:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux","source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0534.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-0705.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1480.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1481.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3453"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3557"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/01/26/3"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/81810"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1035606"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2953-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2954-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"type":"ADVISORY","url":"https://mariadb.atlassian.net/browse/MDEV-9212"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/"},{"type":"ADVISORY","url":"https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/"},{"type":"ADV
ISORY","url":"https://mariadb.com/kb/en/mdb-10023-rn/"},{"type":"FIX","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}