Lucene search

K
postgresqlPostgreSQL Global Development GroupPOSTGRESQL:CVE-2016-7048
HistoryOct 27, 2016 - 12:00 a.m.

Vulnerability in packaging (CVE-2016-7048)

2016-10-2700:00:00
PostgreSQL Global Development Group
www.postgresql.org
982
interactive installer
software vulnerability
plain http

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.007

Percentile

80.2%

Interactive installer downloads software over plain HTTP, then executes it

Affected configurations

Vulners
Node
postgresqlpostgresqlRange<9.1.24
OR
postgresqlpostgresqlRange<9.4.10
OR
postgresqlpostgresqlRange<9.3.15
OR
postgresqlpostgresqlRange<9.2.19
OR
postgresqlpostgresqlRange<9.5.5
VendorProductVersionCPE
postgresqlpostgresql*cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.007

Percentile

80.2%