CVE-2012-0867 in PostgreSQL

Summary

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Reservation

01/19/2012

Disclosure

07/18/2012

Entries

1

CPE

ready

CWE

CWE-16

CVSS

6.8

EPSS

0.01866

CTI

0.00

Sources
