Description

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Remediation

References

CVE-2014-8161

Related Vulnerabilities

WordPress Plugin WP DSGVO Tools (GDPR) Security Bypass (3.1.23)

Apache HTTP Server Other Vulnerability (CVE-2007-1743)

Apache Tomcat Resource Management Errors Vulnerability (CVE-2011-0534)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.3)

Severity

Medium

Classification

CVE-2014-8161 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities