Lucene search
PRIOn knowledge basePRION:CVE-2017-7485HistoryMay 12, 2017 - 7:29 p.m.
Code injection
2017-05-1219:29:00
PRIOn knowledge base
www.prio-n.com
9
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| postgresql | eq | 9.3.8 | |
| postgresql | eq | 9.5.1 | |
| postgresql | eq | 9.3.15 | |
| postgresql | eq | 9.4.5 | |
| postgresql | eq | 9.3 | |
| postgresql | eq | 9.3.11 | |
| postgresql | eq | 9.3.5 | |
| postgresql | eq | 9.5.5 | |
| postgresql | eq | 9.3.2 | |
| postgresql | eq | 9.6.2 |
References
www.debian.org/security/2017/dsa-3851
www.securityfocus.com/bid/98461
www.securitytracker.com/id/1038476
access.redhat.com/errata/RHSA-2017:1677
access.redhat.com/errata/RHSA-2017:1678
access.redhat.com/errata/RHSA-2017:1838
access.redhat.com/errata/RHSA-2017:2425
security.gentoo.org/glsa/201710-06
www.postgresql.org/about/news/1746/
Related
openvas
openvas
PostgreSQL MITM Vulnerability (May 2017) - Linux
2017-05-15 00:00:00
PostgreSQL MITM Vulnerability (May 2017) - Windows
2017-05-15 00:00:00
Debian Security Advisory DSA 3851-1 (postgresql-9.4 - security update)
2017-05-12 00:00:00
alpinelinux
alpinelinux
CVE-2017-7485
2017-05-12 19:29:00
cve
cve
CVE-2017-7485
2017-05-12 19:29:00
postgresql
postgresql
Vulnerability in client (CVE-2017-7485)
2017-05-12 19:29:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 06:30:24
ubuntucve
ubuntucve
CVE-2017-7485
2017-05-12 00:00:00
cvelist
cvelist
CVE-2017-7485
2017-05-12 19:00:00
archlinux
archlinux
[ASA-201705-24] postgresql-libs: man-in-the-middle
2017-05-30 00:00:00
redhatcve
redhatcve
CVE-2017-7485
2019-10-10 04:31:59
osv
osv
CVE-2017-7485
2017-05-12 19:29:00
postgresql-9.4 - security update
2017-05-12 00:00:00
nvd
nvd
CVE-2017-7485
2017-05-12 19:29:00
debiancve
debiancve
CVE-2017-7485
2017-05-12 19:29:00
nessus
nessus
mageia
mageia
Updated postgresql9.4 packages fix security vulnerabilities
2017-07-30 18:58:51
redhat
redhat
(RHSA-2017:1838) Moderate: rh-postgresql95-postgresql security update
2017-07-31 15:40:29
(RHSA-2017:1677) Moderate: rh-postgresql95-postgresql security update
2017-07-05 05:07:10
(RHSA-2017:1678) Moderate: rh-postgresql94-postgresql security update
2017-07-05 05:07:49
cloudfoundry
cloudfoundry
CVE-2017-7484, 7485, 7486: PostgreSQL vulnerabilities | Cloud Foundry
2017-05-24 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: postgresql-9.6.3-1.fc26
2017-05-16 00:58:01
[SECURITY] Fedora 26 Update: mingw-postgresql-9.6.3-1.fc26
2017-06-09 19:40:39
debian
debian
[SECURITY] [DSA 3851-1] postgresql-9.4 security update
2017-05-12 21:03:07
kaspersky
kaspersky
KLA11014 Mupltiple vulnerabilities in PostgreSQL
2017-05-11 00:00:00
amazon
amazon
Medium: postgresql93, postgresql94, postgresql95
2017-06-06 16:53:00
freebsd
freebsd
PostgreSQL vulnerabilities
2017-05-11 00:00:00
gentoo
gentoo
PostgreSQL: Multiple vulnerabilities
2017-10-08 00:00:00