vulnerability
Amazon Linux AMI: CVE-2017-7485: Security patch for postgresql93, postgresql94, postgresql95 (ALAS-2017-839)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | May 12, 2017 | Jun 7, 2017 | Oct 14, 2022 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
May 12, 2017
Added
Jun 7, 2017
Modified
Oct 14, 2022
Description
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
Solution(s)
amazon-linux-upgrade--postgresql94amazon-linux-upgrade--postgresql95amazon-linux-upgrade-postgresql93
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.