NVD

Id
42932  
Name
CVE-2012-0867  
Description
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2012-07-18  
Modified Date
2016-12-07  
Seq
2012-0867  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
216109 42932 CVE-2012-0867 openSUSE-SU-2012:1173  View
216110 42932 CVE-2012-0867 RHSA-2012:0678  View
216111 42932 CVE-2012-0867 DSA-2418  View
216112 42932 CVE-2012-0867 MDVSA-2012:026  View
216113 42932 CVE-2012-0867 http://www.postgresql.org/about/news/1377/  View
216114 42932 CVE-2012-0867 http://www.postgresql.org/docs/8.4/static/release-8-4-11.html  View
216115 42932 CVE-2012-0867 http://www.postgresql.org/docs/9.0/static/release-9-0-7.html  View
216116 42932 CVE-2012-0867 http://www.postgresql.org/docs/9.1/static/release-9-1-3.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
27526 JVNDB-2012-003233 PostgreSQL における接続をなりすまされる脆弱性 PostgreSQL は、SSL 証明書の認証の際、コモンネームを 32 文字で切り捨てるため、ホスト名がちょうど 32 文字である場合に、接続をなりすまされる脆弱性が存在します。 CVE-2012-0867 54105 CVE-2012-0867 42932 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003233.html 2012-02-27 2012-11-14 View