Vulnerabilites related to redhat - desktop_workstation
cve-2009-2696
Vulnerability from cvelistv5
Published
2010-08-05 18:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=616717 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/1986 | vdb-entry, x_refsource_VUPEN | |
| http://www.redhat.com/support/errata/RHSA-2010-0580.html | vendor-advisory, x_refsource_REDHAT | |
| http://secunia.com/advisories/40813 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:59:57.012Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=616717", }, { name: "ADV-2010-1986", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/1986", }, { name: "RHSA-2010:0580", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0580.html", }, { name: "40813", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/40813", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-08-02T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\" NOTE: this is due to a missing fix for CVE-2009-0781.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-08-18T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=616717", }, { name: "ADV-2010-1986", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/1986", }, { name: "RHSA-2010:0580", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2010-0580.html", }, { name: "40813", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/40813", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-2696", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\" NOTE: this is due to a missing fix for CVE-2009-0781.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=616717", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=616717", }, { name: "ADV-2010-1986", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/1986", }, { name: "RHSA-2010:0580", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2010-0580.html", }, { name: "40813", refsource: "SECUNIA", url: "http://secunia.com/advisories/40813", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-2696", datePublished: "2010-08-05T18:00:00", dateReserved: "2009-08-05T00:00:00", dateUpdated: "2024-08-07T05:59:57.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-0867
Vulnerability from cvelistv5
Published
2012-07-18 23:00
Modified
2024-08-06 18:38
Severity ?
EPSS score ?
Summary
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.postgresql.org/about/news/1377/ | x_refsource_CONFIRM | |
| http://secunia.com/advisories/49273 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2012-0678.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2012:026 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.postgresql.org/docs/9.0/static/release-9-0-7.html | x_refsource_CONFIRM | |
| http://www.postgresql.org/docs/8.4/static/release-8-4-11.html | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2418 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.postgresql.org/docs/9.1/static/release-9-1-3.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:38:14.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.postgresql.org/about/news/1377/", }, { name: "49273", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49273", }, { name: "RHSA-2012:0678", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0678.html", }, { name: "MDVSA-2012:026", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html", }, { name: "DSA-2418", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2012/dsa-2418", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html", }, { name: "openSUSE-SU-2012:1173", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-02-27T00:00:00", descriptions: [ { lang: "en", value: "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-07-25T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.postgresql.org/about/news/1377/", }, { name: "49273", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49273", }, { name: "RHSA-2012:0678", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0678.html", }, { name: "MDVSA-2012:026", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html", }, { name: "DSA-2418", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2012/dsa-2418", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html", }, { name: "openSUSE-SU-2012:1173", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0867", datePublished: "2012-07-18T23:00:00", dateReserved: "2012-01-19T00:00:00", dateUpdated: "2024-08-06T18:38:14.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2010-08-05 18:17
Modified
2024-11-21 01:05
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | tomcat | * | |
| redhat | desktop_workstation | 5 | |
| redhat | enterprise_linux | 5 | |
| redhat | enterprise_linux_desktop | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "CC0ED229-6BAE-4A1C-AC79-9A2F0A0E8545", versionEndIncluding: "4.1.39", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:desktop_workstation:5:*:*:*:*:*:*:*", matchCriteriaId: "B9F8A72C-443B-4FC8-9A9C-311A3ED94257", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*", matchCriteriaId: "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\" NOTE: this is due to a missing fix for CVE-2009-0781.", }, { lang: "es", value: "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en jsp/cal/cal2.jsp en la aplicación calendario en los ejemplos de aplicaciones web de Apache Tomcat en Red Hat Enterprise Linux v5, Desktop Workstation v5, y Linux Desktop v5 permite a atacantes remotos injectar código web o HTML a través de parámetros de tiempo, relacionados con \"HTML no válido\". NOTA: se debe a una corrección que falta para CVE-2009-0.781.", }, ], id: "CVE-2009-2696", lastModified: "2024-11-21T01:05:32.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-08-05T18:17:57.073", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40813", }, { source: "cve@mitre.org", url: "http://www.redhat.com/support/errata/RHSA-2010-0580.html", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2010/1986", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=616717", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/40813", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2010-0580.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/1986", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=616717", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-18 23:55
Modified
2024-11-21 01:35
Severity ?
Summary
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse_project | opensuse | 12.2 | |
| postgresql | postgresql | 8.4 | |
| postgresql | postgresql | 8.4.1 | |
| postgresql | postgresql | 8.4.2 | |
| postgresql | postgresql | 8.4.3 | |
| postgresql | postgresql | 8.4.4 | |
| postgresql | postgresql | 8.4.5 | |
| postgresql | postgresql | 8.4.6 | |
| postgresql | postgresql | 8.4.7 | |
| postgresql | postgresql | 8.4.8 | |
| postgresql | postgresql | 8.4.9 | |
| postgresql | postgresql | 8.4.10 | |
| postgresql | postgresql | 9.0 | |
| postgresql | postgresql | 9.0.1 | |
| postgresql | postgresql | 9.0.2 | |
| postgresql | postgresql | 9.0.3 | |
| postgresql | postgresql | 9.0.4 | |
| postgresql | postgresql | 9.0.5 | |
| postgresql | postgresql | 9.0.6 | |
| debian | debian_linux | 6.0 | |
| redhat | desktop_workstation | 5 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux_desktop | 5.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_hpc_node | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_aus | 6.2 | |
| redhat | enterprise_linux_server_eus | 6.2.z | |
| redhat | enterprise_linux_workstation | 6.0 | |
| postgresql | postgresql | 9.1 | |
| postgresql | postgresql | 9.1.1 | |
| postgresql | postgresql | 9.1.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse_project:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "06FD3E94-06C6-4C93-B6EB-442D1B5C62AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*", matchCriteriaId: "8F30CA60-0A82-45CD-8044-CE245393593D", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*", matchCriteriaId: "5C991F71-1E27-47A6-97DC-424FC3EF6011", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*", matchCriteriaId: "5740C7AA-1772-41D8-9851-3E3669CD8521", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*", matchCriteriaId: "970338CD-A680-4DD0-BD27-459B0DDA4002", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*", matchCriteriaId: "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*", matchCriteriaId: "3E9E57FA-5EAE-4698-992D-146C6310E0B8", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*", matchCriteriaId: "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*", matchCriteriaId: "87DF2937-9C51-4768-BAB1-901BCA636ADD", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*", matchCriteriaId: "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*", matchCriteriaId: "EA0EB754-7A71-40FA-9EAD-44914EB758C3", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*", matchCriteriaId: "1089D316-D5A3-4F2D-9E52-57FD626A1D06", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*", matchCriteriaId: "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CCB718D2-97AA-4D61-AA4B-2216EEF55F67", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*", matchCriteriaId: "605C06BF-54A0-40F8-A01E-8641B4A83035", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*", matchCriteriaId: "1F1F5B75-78D5-408E-8148-CA23DCED9CBB", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*", matchCriteriaId: "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*", matchCriteriaId: "F609DDE4-0858-4F83-B8E6-7870196E21CB", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*", matchCriteriaId: "349F02AF-013E-4264-9717-010293A3D6E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:desktop_workstation:5:*:*:*:*:*:*:*", matchCriteriaId: "B9F8A72C-443B-4FC8-9A9C-311A3ED94257", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", matchCriteriaId: "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", matchCriteriaId: "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", matchCriteriaId: "9BBCD86A-E6C7-4444-9D74-F861084090F0", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", matchCriteriaId: "AD6D0378-F0F4-4AAA-80AF-8287C790EC96", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2.z:*:*:*:*:*:*:*", matchCriteriaId: "BE3115B4-5DF0-415B-83D9-CC460AF75586", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*", matchCriteriaId: "4796DBEC-FF4F-4749-90D5-AD83D8B5E086", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*", matchCriteriaId: "79108278-D644-4506-BD9C-F464C6E817B7", vulnerable: true, }, { criteria: "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*", matchCriteriaId: "10CF0AA0-41CD-4D50-BA7A-BF8846115C95", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.", }, { lang: "es", value: "PostgreSQL v8.4.x antes de v8.4.11, v9.0.x antes de v9.0.7, y v9.1.x antes de v9.1.3 trunca el nombre común a sólo 32 caracteres en la verificación de los certificados SSL, lo que permite a atacantes remotos falsificar conexiones cuando el nombre de host es exactamente de 32 caracteres.", }, ], id: "CVE-2012-0867", lastModified: "2024-11-21T01:35:52.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-18T23:55:01.827", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0678.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/49273", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2012/dsa-2418", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.postgresql.org/about/news/1377/", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0678.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/49273", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2012/dsa-2418", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.postgresql.org/about/news/1377/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.postgresql.org/docs/8.4/static/release-8-4-11.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.postgresql.org/docs/9.0/static/release-9-0-7.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.postgresql.org/docs/9.1/static/release-9-1-3.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }