PostgreSQL JDBC Driver SQL Injection Vulnerability (Win) Network Vulnerability

Summary

This host is installed with PostgreSQL with JDBC Driver and is prone to sql injection vulnerability.

Impact

Successful exploitation could allow attackers to manipulate SQL queries by injecting arbitrary SQL code and gain sensitive information. Impact Level: Application

Solution

Upgrade to PostgreSQL JDBC Driver versions 8.2 or later, For updates refer to http://jdbc.postgresql.org/download.html

Insight

An error exists within the JDBC driver which fails to escape unspecified JDBC statement parameters.

Affected

PostgreSQL JDBC Driver versions 8.1 on Windows

References

http://archives.neohapsis.com/archives/bugtraq/2012-03/0126.html
http://packetstormsecurity.com/files/111239/PostgreSQL-JDBC-Driver-8.1-SQL-Injection.html
http://seclists.org/bugtraq/2012/Mar/125
http://www.osvdb.org/80641
https://bugzilla.novell.com/show_bug.cgi?id=754273

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1618

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe Air Multiple Vulnerabilities June-2012 (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)

Take action and discover your vulnerabilities