Vulnerability & Exploit Database

Back to search

PostgreSQL class A vulnerability in core server, limited deployments: CVE-2012-0867

Severity CVSS Published Added Modified
4 (AV:N/AC:M/Au:N/C:N/I:P/A:N) July 18, 2012 February 24, 2013 February 13, 2015

Description

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

postgres-upgrade-8_4_11

Related Vulnerabilities