CVE-2012-0867

Source: ubuntu.com (UB:CVE-2012-0867)
Published: 2012-02-28

CVSS2: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.005
Percentile: 75.9%

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3
truncates the common name to only 32 characters when verifying SSL
certificates, which allows remote attackers to spoof connections when the
host name is exactly 32 characters.

Notes

mdeslaur: 8.3 is not affected
