Lucene search

K

[email protected]NVD:CVE-2017-7485

HistoryMay 12, 2017 - 7:29 p.m.

CVE-2017-7485

2017-05-1219:29:00

CWE-311

CWE-390

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch9.3

OR

postgresqlpostgresqlMatch9.3.1

OR

postgresqlpostgresqlMatch9.3.2

OR

postgresqlpostgresqlMatch9.3.3

OR

postgresqlpostgresqlMatch9.3.4

OR

postgresqlpostgresqlMatch9.3.5

OR

postgresqlpostgresqlMatch9.3.6

OR

postgresqlpostgresqlMatch9.3.7

OR

postgresqlpostgresqlMatch9.3.8

OR

postgresqlpostgresqlMatch9.3.9

OR

postgresqlpostgresqlMatch9.3.10

OR

postgresqlpostgresqlMatch9.3.11

OR

postgresqlpostgresqlMatch9.3.12

OR

postgresqlpostgresqlMatch9.3.13

OR

postgresqlpostgresqlMatch9.3.14

OR

postgresqlpostgresqlMatch9.3.15

OR

postgresqlpostgresqlMatch9.3.16

OR

postgresqlpostgresqlMatch9.4

OR

postgresqlpostgresqlMatch9.4.1

OR

postgresqlpostgresqlMatch9.4.2

OR

postgresqlpostgresqlMatch9.4.3

OR

postgresqlpostgresqlMatch9.4.4

OR

postgresqlpostgresqlMatch9.4.5

OR

postgresqlpostgresqlMatch9.4.6

OR

postgresqlpostgresqlMatch9.4.7

OR

postgresqlpostgresqlMatch9.4.8

OR

postgresqlpostgresqlMatch9.4.9

OR

postgresqlpostgresqlMatch9.4.10

OR

postgresqlpostgresqlMatch9.4.11

OR

postgresqlpostgresqlMatch9.5

OR

postgresqlpostgresqlMatch9.5.1

OR

postgresqlpostgresqlMatch9.5.2

OR

postgresqlpostgresqlMatch9.5.3

OR

postgresqlpostgresqlMatch9.5.4

OR

postgresqlpostgresqlMatch9.5.5

OR

postgresqlpostgresqlMatch9.5.6

OR

postgresqlpostgresqlMatch9.6

OR

postgresqlpostgresqlMatch9.6.1

OR

postgresqlpostgresqlMatch9.6.2

References

www.debian.org/security/2017/dsa-3851

www.securityfocus.com/bid/98461

www.securitytracker.com/id/1038476

access.redhat.com/errata/RHSA-2017:1677

access.redhat.com/errata/RHSA-2017:1678

access.redhat.com/errata/RHSA-2017:1838

access.redhat.com/errata/RHSA-2017:2425

security.gentoo.org/glsa/201710-06

www.postgresql.org/about/news/1746/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.5%

Related for NVD:CVE-2017-7485

openvas8 alpinelinux1 cve1 postgresql1 veracode1 ubuntucve1 cvelist1 archlinux1 redhatcve1 osv2 debiancve1 prion1 nessus13 mageia1 redhat4 cloudfoundry1 debian1 fedora2 kaspersky1 amazon1 freebsd1 gentoo1