PRIOn knowledge basePRION:CVE-2012-0867Code injection
6.9 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.3%
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 6.0 | |
| opensuse | eq | 12.2 | |
| postgresql | eq | 8.4.8 | |
| postgresql | eq | 8.4.4 | |
| postgresql | eq | 8.4.1 | |
| postgresql | eq | 8.4.9 | |
| postgresql | eq | 8.4.3 | |
| postgresql | eq | 8.4.10 | |
| postgresql | eq | 8.4.6 | |
| postgresql | eq | 8.4 |
References
lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
rhn.redhat.com/errata/RHSA-2012-0678.html
secunia.com/advisories/49273
www.debian.org/security/2012/dsa-2418
www.mandriva.com/security/advisories?name=MDVSA-2012:026
www.postgresql.org/about/news/1377/
www.postgresql.org/docs/8.4/static/release-8-4-11.html
www.postgresql.org/docs/9.0/static/release-9-0-7.html
www.postgresql.org/docs/9.1/static/release-9-1-3.html
Related
6.9 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.3%