Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-1899
HistoryApr 04, 2013 - 5:55 p.m.

CVE-2013-1899

2013-04-0417:55:00
CWE-94
[email protected]
web.nvd.nist.gov
147
3
cve-2013-1899
postgresql
argument injection
vulnerability
remote attack
denial of service
file corruption
configuration settings
arbitrary code

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a โ€œ-โ€ (hyphen).

Affected configurations

NVD
Node
postgresqlpostgresqlMatch9.2
OR
postgresqlpostgresqlMatch9.2.1
OR
postgresqlpostgresqlMatch9.2.2
OR
postgresqlpostgresqlMatch9.2.3
Node
postgresqlpostgresqlMatch9.1
OR
postgresqlpostgresqlMatch9.1.1
OR
postgresqlpostgresqlMatch9.1.2
OR
postgresqlpostgresqlMatch9.1.3
OR
postgresqlpostgresqlMatch9.1.4
OR
postgresqlpostgresqlMatch9.1.5
OR
postgresqlpostgresqlMatch9.1.6
OR
postgresqlpostgresqlMatch9.1.7
OR
postgresqlpostgresqlMatch9.1.8
Node
postgresqlpostgresqlMatch9.0
OR
postgresqlpostgresqlMatch9.0.1
OR
postgresqlpostgresqlMatch9.0.2
OR
postgresqlpostgresqlMatch9.0.3
OR
postgresqlpostgresqlMatch9.0.4
OR
postgresqlpostgresqlMatch9.0.5
OR
postgresqlpostgresqlMatch9.0.6
OR
postgresqlpostgresqlMatch9.0.7
OR
postgresqlpostgresqlMatch9.0.8
OR
postgresqlpostgresqlMatch9.0.9
OR
postgresqlpostgresqlMatch9.0.10
OR
postgresqlpostgresqlMatch9.0.11
OR
postgresqlpostgresqlMatch9.0.12
Node
canonicalubuntu_linuxMatch8.04-lts
OR
canonicalubuntu_linuxMatch10.04-lts
OR
canonicalubuntu_linuxMatch11.10
OR
canonicalubuntu_linuxMatch12.04-lts
OR
canonicalubuntu_linuxMatch12.10

References

Social References

More

Related

openvas 21
prion 1
cvelist 1
nvd 1
seebug 1
postgresql 1
nessus 18
threatpost 1
checkpoint_advisories 1
huawei 1
metasploit 1
ubuntucve 1
securityvulns 6
osv 2
suse 5
debian 5
vmware 1
freebsd 1
ubuntu 1
fedora 3
amazon 1
gentoo 1
openvas
openvas
PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows
2013-04-09 00:00:00
Ubuntu: Security Advisory (USN-1789-1)
2013-04-05 00:00:00
openSUSE: Security Advisory for postgresql92 (openSUSE-SU-2013:0628-1)
2013-12-10 00:00:00
prion
prion
Design/Logic Flaw
2013-04-04 17:55:00
cvelist
cvelist
CVE-2013-1899
2013-04-04 17:00:00
nvd
nvd
CVE-2013-1899
2013-04-04 17:55:00
seebug
seebug
PostgreSQL ๆ‹’็ปๆœๅŠกๅ’Œไปฃ็ ๆ‰ง่กŒๆผๆดž(CVE-2013-1899)
2013-04-08 00:00:00
postgresql
postgresql
Vulnerability in core server (CVE-2013-1899)
2013-04-04 17:55:00
nessus
nessus
PostgreSQL 9.0 < 9.0.13 / 9.1 < 9.1.9 / 9.2 < 9.2.4 File Deletion
2013-04-08 00:00:00
Fedora 17 : postgresql-9.1.9-1.fc17 (2013-5000)
2013-04-07 00:00:00
Fedora 19 : postgresql-9.2.4-1.fc19 (2013-6148)
2013-04-22 00:00:00
threatpost
threatpost
Vulnerability Patched in PostgreSQL Database Server
2013-04-04 14:41:38
checkpoint_advisories
checkpoint_advisories
PostgreSQL Database Name Command Line Flag Injection (CVE-2013-1899)
2013-11-18 00:00:00
huawei
huawei
Security Advisory - Command Injection Vulnerability in the GaussDB
2017-05-31 00:00:00
metasploit
metasploit
PostgreSQL Database Name Command Line Flag Injection
2013-04-04 15:19:47
ubuntucve
ubuntucve
CVE-2013-1899
2013-04-04 00:00:00
securityvulns
securityvulns
ESA-2013-040: RSAยฎ Authentication Manager 8.0 Multiple Vulnerabilities
2013-06-04 00:00:00
[USN-1789-1] PostgreSQL vulnerabilities
2013-04-08 00:00:00
EMC RSA Authentication Manager security vulnerabilities
2013-07-15 00:00:00
osv
osv
postgresql-8.4 - guessable random numbers
2013-04-04 00:00:00
postgresql-9.1 - several
2013-04-04 00:00:00
suse
suse
postgresql91 to version 9.1.9. (important)
2013-04-05 10:04:26
Security update for PostgreSQL (important)
2013-04-23 22:04:36
Security update for PostgreSQL (important)
2013-04-05 19:06:20
debian
debian
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
2013-04-04 13:47:32
[SECURITY] [DSA 2658-1] postgresql-9.1 security update
2013-04-04 14:06:34
[BSA-080] Security Update for postgresql-9.1
2013-04-08 08:27:20
vmware
vmware
VMware vFabric Postgres security updates
2013-04-04 00:00:00
freebsd
freebsd
PostgreSQL -- anonymous remote access data corruption vulnerability
2013-04-04 00:00:00
ubuntu
ubuntu
PostgreSQL vulnerabilities
2013-04-04 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
2013-04-20 19:59:46
[SECURITY] Fedora 18 Update: postgresql-9.2.4-1.fc18
2013-04-05 22:59:41
[SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
2013-04-05 23:11:53
amazon
amazon
Critical: postgresql9
2013-04-04 11:49:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2014-08-29 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON
Related for CVE-2013-1899
openvas21prion1cvelist1nvd1seebug1postgresql1nessus18threatpost1checkpoint_advisories1huawei1metasploit1ubuntucve1securityvulns6osv2suse5debian5vmware1freebsd1ubuntu1fedora3amazon1gentoo1