CVSS3 : 5.9 Medium
Attack Vector : NETWORK
Attack Complexity : HIGH
Privileges Required : NONE
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : HIGH
Availability Impact : NONE
Vector : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2 : 4.3 Medium
Access Vector : NETWORK
Access Complexity : MEDIUM
Authentication : NONE
Confidentiality Impact : NONE
Integrity Impact : PARTIAL
Availability Impact : NONE
Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS : 0.005 Low
Percentile : 76.3%

Severity: High
Date : 2017-05-30
CVE-ID : CVE-2017-7485
Package : postgresql-libs
Type : man-in-the-middle
Remote : Yes
Link : https://security.archlinux.org/AVG-280
The package postgresql-libs before version 9.6.3-1 is vulnerable to a
man-in-the-middle attack.
Upgrade to 9.6.3-1.
The problem has been fixed upstream in version 9.6.3.
Workaround : None.
A security issue has been found in the libpq component of PostgreSQL <
9.6.3, where the PGREQUIRESSL environment variable no longer enforced an
SSL/TLS connection to a PostgreSQL server. An active man-in-the-middle
attacker could use this flaw to strip the SSL/TLS protection from a
connection between a client and a server.
A remote attacker in a man-in-the-middle position can intercept and
alter all communication between a vulnerable client and a server.
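
A client-side audit for the condition described above, as an added example that is not part of the advisory or of PostgreSQL: it reports whether an environment depends on PGREQUIRESSL with a libpq older than the fixed version. The function names and return codes are hypothetical, the 9.6.3 threshold is the one given on this page, and the check relies on libpq's documented rule that PGSSLMODE, when set, suppresses PGREQUIRESSL; it covers environment variables only, not sslmode in connection strings.

```shell
# Added example: audit reliance on PGREQUIRESSL for a given libpq version.
FIXED_VERSION="9.6.3"   # fixed upstream version, as stated in the advisory

# ver_lt A B: succeeds when dotted version A sorts strictly before B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_pgrequiressl PKGVER: prints one finding and returns
#   0 = TLS is required by a setting that is enforced
#   1 = TLS is requested only via PGREQUIRESSL on an affected libpq
#   2 = the environment permits a plaintext connection
# PKGVER is a package version, e.g. the second field of
# `pacman -Q postgresql-libs` (such as 9.6.2-1).
audit_pgrequiressl() {
    _ver="${1%%-*}"                 # drop the pkgrel suffix
    if [ -n "${PGSSLMODE:-}" ]; then
        # PGSSLMODE, when set, suppresses PGREQUIRESSL entirely.
        case "$PGSSLMODE" in
            require|verify-ca|verify-full)
                echo "ok: PGSSLMODE=$PGSSLMODE requires TLS"
                return 0 ;;
            *)
                echo "plaintext-possible: PGSSLMODE=$PGSSLMODE"
                return 2 ;;
        esac
    fi
    if [ "${PGREQUIRESSL:-}" = "1" ]; then
        if ver_lt "$_ver" "$FIXED_VERSION"; then
            echo "vulnerable: PGREQUIRESSL=1 is not enforced by libpq $_ver"
            return 1
        fi
        echo "ok: PGREQUIRESSL=1 enforced by libpq $_ver (deprecated, prefer PGSSLMODE)"
        return 0
    fi
    # libpq's default sslmode is "prefer", which falls back to plaintext.
    echo "plaintext-possible: neither PGSSLMODE nor PGREQUIRESSL requires TLS"
    return 2
}
```

Run it in the same environment the client application starts in, for example `audit_pgrequiressl "$(pacman -Q postgresql-libs | awk '{print $2}')"`.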
https://www.postgresql.org/about/news/1746/
https://security.archlinux.org/CVE-2017-7485
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | postgresql-libs | < 9.6.3-1 | UNKNOWN |