Lucene search

[email protected]NVD:CVE-2013-1899

HistoryApr 04, 2013 - 5:55 p.m.

CVE-2013-1899

2013-04-0417:55:00

CWE-94

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.972 High

EPSS

Percentile

99.8%

JSON

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a “-” (hyphen).

Affected configurations

NVD

Node

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

Node

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

Node

postgresqlpostgresqlMatch9.0

postgresqlpostgresqlMatch9.0.1

postgresqlpostgresqlMatch9.0.2

postgresqlpostgresqlMatch9.0.3

postgresqlpostgresqlMatch9.0.4

postgresqlpostgresqlMatch9.0.5

postgresqlpostgresqlMatch9.0.6

postgresqlpostgresqlMatch9.0.7

postgresqlpostgresqlMatch9.0.8

postgresqlpostgresqlMatch9.0.9

postgresqlpostgresqlMatch9.0.10

postgresqlpostgresqlMatch9.0.11

postgresqlpostgresqlMatch9.0.12

Node

canonicalubuntu_linuxMatch8.04-lts

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

References

lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html

support.apple.com/kb/HT5880

support.apple.com/kb/HT5892

www.debian.org/security/2013/dsa-2658

www.mandriva.com/security/advisories?name=MDVSA-2013:142

www.postgresql.org/about/news/1456/

www.postgresql.org/docs/current/static/release-9-0-13.html

www.postgresql.org/docs/current/static/release-9-1-9.html

www.postgresql.org/docs/current/static/release-9-2-4.html

www.postgresql.org/support/security/faq/2013-04-04/

www.ubuntu.com/usn/USN-1789-1

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.972 High

EPSS

Percentile

99.8%

JSON

Related for NVD:CVE-2013-1899

threatpost1 ubuntucve1 checkpoint_advisories1 huawei1 metasploit1 openvas21 prion1 cve1 cvelist1 seebug1 postgresql1 nessus18 osv2 securityvulns6 vmware1 suse5 debian5 freebsd1 ubuntu1 fedora3 amazon1 gentoo1