Description
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
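An added illustration, not MySQL's source and not taken from the advisory: a self-contained C model of a certificate verify callback, showing how treating a depth of zero as acceptable lets a failed check on the server's own certificate pass. The struct, function names and sample chains are constructed, and the lenient callback's logic is an assumed shape of the flaw.

```c
#include <stdio.h>

/* Constructed stand-in for what an OpenSSL-style verify callback sees for
   each certificate: the library's own verdict and the chain position
   (depth 0 = the peer's certificate, 1 = its issuer, and so on). */
struct verify_event {
    int preverify_ok;   /* 1 if the library's check of this cert passed */
    int error_depth;    /* chain position of the cert being reported */
};

typedef int (*verify_cb)(const struct verify_event *, int allowed_depth);

/* Assumed shape of the flaw (not MySQL source): a failed check is overridden
   when its depth is within the allowed depth. An allowed depth of zero
   still matches depth 0, so any failure on the peer's own cert is waved on. */
static int cb_lenient(const struct verify_event *ev, int allowed_depth)
{
    if (!ev->preverify_ok && allowed_depth >= ev->error_depth)
        return 1;
    return ev->preverify_ok;
}

/* Hardened form: may log, but never turns a failure into success. */
static int cb_strict(const struct verify_event *ev, int allowed_depth)
{
    (void)allowed_depth;
    return ev->preverify_ok;
}

/* The handshake survives only if the callback returns 1 for every event. */
static int chain_accepted(verify_cb cb, const struct verify_event *ev, int n,
                          int allowed_depth)
{
    for (int i = 0; i < n; i++)
        if (!cb(&ev[i], allowed_depth))
            return 0;
    return 1;
}

/* Constructed samples: events run from the top of the chain down to depth 0. */
static const struct verify_event good_chain[]     = { {1, 1}, {1, 0} };
static const struct verify_event untrusted_leaf[] = { {0, 0} };
static const struct verify_event bad_issuer[]     = { {0, 1}, {1, 0} };

int main(void)
{
    printf("good=%d leaf=%d issuer=%d (lenient)\n",
           chain_accepted(cb_lenient, good_chain, 2, 0),
           chain_accepted(cb_lenient, untrusted_leaf, 1, 0),
           chain_accepted(cb_lenient, bad_issuer, 2, 0));
    return 0;
}
```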
Remediation
References