Lucene search

K

[email protected]NVD:CVE-2012-0867

HistoryJul 18, 2012 - 11:55 p.m.

CVE-2012-0867

2012-07-1823:55:01

CWE-20

CWE-295

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Affected configurations

NVD

Node

opensuse_projectopensuseMatch12.2

Node

postgresqlpostgresqlMatch8.4

OR

postgresqlpostgresqlMatch8.4.1

OR

postgresqlpostgresqlMatch8.4.2

OR

postgresqlpostgresqlMatch8.4.3

OR

postgresqlpostgresqlMatch8.4.4

OR

postgresqlpostgresqlMatch8.4.5

OR

postgresqlpostgresqlMatch8.4.6

OR

postgresqlpostgresqlMatch8.4.7

OR

postgresqlpostgresqlMatch8.4.8

OR

postgresqlpostgresqlMatch8.4.9

OR

postgresqlpostgresqlMatch8.4.10

Node

postgresqlpostgresqlMatch9.0

OR

postgresqlpostgresqlMatch9.0.1

OR

postgresqlpostgresqlMatch9.0.2

OR

postgresqlpostgresqlMatch9.0.3

OR

postgresqlpostgresqlMatch9.0.4

OR

postgresqlpostgresqlMatch9.0.5

OR

postgresqlpostgresqlMatch9.0.6

Node

debiandebian_linuxMatch6.0

Node

redhatdesktop_workstationMatch5

OR

redhatenterprise_linuxMatch5.0

OR

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_hpc_nodeMatch6.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_server_ausMatch6.2

OR

redhatenterprise_linux_server_eusMatch6.2.z

OR

redhatenterprise_linux_workstationMatch6.0

Node

postgresqlpostgresqlMatch9.1

OR

postgresqlpostgresqlMatch9.1.1

OR

postgresqlpostgresqlMatch9.1.2

References

lists.opensuse.org/opensuse-updates/2012-09/msg00060.html

rhn.redhat.com/errata/RHSA-2012-0678.html

secunia.com/advisories/49273

www.debian.org/security/2012/dsa-2418

www.mandriva.com/security/advisories?name=MDVSA-2012:026

www.postgresql.org/about/news/1377/

www.postgresql.org/docs/8.4/static/release-8-4-11.html

www.postgresql.org/docs/9.0/static/release-9-0-7.html

www.postgresql.org/docs/9.1/static/release-9-1-3.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

Related for NVD:CVE-2012-0867

prion1 cvelist1 ubuntucve1 cve1 postgresql1 securityvulns2 debian1 oraclelinux2 veracode1 openvas31 nessus20 fedora7 amazon1 ubuntu1 freebsd1 osv1 centos1 redhat1 seebug1 gentoo1