PostgreSQL JDBC Driver SQL Injection Vulnerability (Win) Network Vulnerability

Summary

This host is installed with PostgreSQL with JDBC Driver and is prone to sql injection vulnerability.

Impact

Successful exploitation could allow attackers to manipulate SQL queries by injecting arbitrary SQL code and gain sensitive information. Impact Level: Application

Solution

Upgrade to PostgreSQL JDBC Driver versions 8.2 or later, For updates refer to http://jdbc.postgresql.org/download.html

Insight

An error exists within the JDBC driver which fails to escape unspecified JDBC statement parameters.

Affected

PostgreSQL JDBC Driver versions 8.1 on Windows

References

http://archives.neohapsis.com/archives/bugtraq/2012-03/0126.html
http://packetstormsecurity.com/files/111239/PostgreSQL-JDBC-Driver-8.1-SQL-Injection.html
http://seclists.org/bugtraq/2012/Mar/125
http://www.osvdb.org/80641
https://bugzilla.novell.com/show_bug.cgi?id=754273

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1618

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -02 April 13 (Windows)
Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)

Take action and discover your vulnerabilities