Description

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Remediation

References

CVE-2012-0867

Related Vulnerabilities

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2241)

WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] Cross-Site Scripting (1.4.2)

Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2019-14887)

PHP Deserialization of Untrusted Data Vulnerability (CVE-2018-19396)

PostgreSQL Resource Management Errors Vulnerability (CVE-2009-0922)

Severity

Medium

Classification

CVE-2012-0867 CWE-295

Tags

Missing Update Known Vulnerabilities