CVE-2001-1089 - libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries

CVE-2001-1089

Summary

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

References

Vulnerable Configurations

cpe:2.3:a:alessandro_gardich:nss_postgresql:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:alessandro_gardich:nss_postgresql:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:joerg_wendland:libnss-pgsql:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:joerg_wendland:libnss-pgsql:0.9.0:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	3314
bugtraq	20010910 RUS-CERT Advisory 2001-09:01
xf	postgresql-nss-authentication-modules(7111)

Last major update

10-10-2017 - 01:29

Published

10-09-2001 - 04:00

Last modified

10-10-2017 - 01:29