mysql-connector-java doesn’t check the server’s SSL certificate for an expiration date before it establishes the SSL connection. This would allow attackers to use an expired certificate to make requests to the server.
CPE | Name | Operator | Version |
---|---|---|---|
mysql-connector-java | le | 5.1.41 |
www.debian.org/security/2017/dsa-3857
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMySQL
www.securityfocus.com/bid/97784
www.securityfocus.com/bid/97982
www.securitytracker.com/id/1038287
forums.mysql.com/read.php?3,657049
github.com/mysql/mysql-connector-j/commit/aeba57264966b0fd329cdb8170ba772fd8fd4de2