Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2009-3231

Related Vulnerabilities

Jboss EAP Other Vulnerability (CVE-2023-3628)

WebLogic CVE-2020-14757 Vulnerability (CVE-2020-14757)

Jboss EAP Incorrect Authorization Vulnerability (CVE-2017-12196)

Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1952)

Severity

Medium

Classification

CVE-2009-3231 CWE-287

Tags

Missing Update Known Vulnerabilities