FKIE_CVE-2012-3488

Vulnerability from fkie_nvd - Published: 2012-10-03 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.
References
secalert@redhat.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1263.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1264.html
secalert@redhat.comhttp://secunia.com/advisories/50635
secalert@redhat.comhttp://secunia.com/advisories/50636
secalert@redhat.comhttp://secunia.com/advisories/50718
secalert@redhat.comhttp://secunia.com/advisories/50859
secalert@redhat.comhttp://secunia.com/advisories/50946
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2534
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:139
secalert@redhat.comhttp://www.postgresql.org/about/news/1407/Vendor Advisory
secalert@redhat.comhttp://www.postgresql.org/docs/8.3/static/release-8-3-20.html
secalert@redhat.comhttp://www.postgresql.org/docs/8.4/static/release-8-4-13.html
secalert@redhat.comhttp://www.postgresql.org/docs/9.0/static/release-9-0-9.html
secalert@redhat.comhttp://www.postgresql.org/docs/9.1/static/release-9-1-5.html
secalert@redhat.comhttp://www.postgresql.org/support/security/Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/55072
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1542-1
secalert@redhat.comhttps://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=849172
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1263.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1264.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50635
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50636
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50718
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50859
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50946
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2534
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:139
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/about/news/1407/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/docs/8.3/static/release-8-3-20.html
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/docs/8.4/static/release-8-4-13.html
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/docs/9.0/static/release-9-0-9.html
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
af854a3a-2127-422b-91ae-364da2661108http://www.postgresql.org/support/security/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/55072
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1542-1
af854a3a-2127-422b-91ae-364da2661108https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=849172
Impacted products
Vendor Product Version
postgresql postgresql 9.1
postgresql postgresql 9.1.1
postgresql postgresql 9.1.2
postgresql postgresql 9.1.3
postgresql postgresql 9.1.4
postgresql postgresql 8.4
postgresql postgresql 8.4.1
postgresql postgresql 8.4.2
postgresql postgresql 8.4.3
postgresql postgresql 8.4.4
postgresql postgresql 8.4.5
postgresql postgresql 8.4.6
postgresql postgresql 8.4.7
postgresql postgresql 8.4.8
postgresql postgresql 8.4.9
postgresql postgresql 8.4.10
postgresql postgresql 8.4.11
postgresql postgresql 8.4.12
postgresql postgresql 8.3
postgresql postgresql 8.3.1
postgresql postgresql 8.3.2
postgresql postgresql 8.3.3
postgresql postgresql 8.3.4
postgresql postgresql 8.3.5
postgresql postgresql 8.3.6
postgresql postgresql 8.3.7
postgresql postgresql 8.3.8
postgresql postgresql 8.3.9
postgresql postgresql 8.3.10
postgresql postgresql 8.3.11
postgresql postgresql 8.3.12
postgresql postgresql 8.3.13
postgresql postgresql 8.3.14
postgresql postgresql 8.3.15
postgresql postgresql 8.3.16
postgresql postgresql 8.3.17
postgresql postgresql 8.3.18
postgresql postgresql 8.3.19
postgresql postgresql 9.0
postgresql postgresql 9.0.1
postgresql postgresql 9.0.2
postgresql postgresql 9.0.3
postgresql postgresql 9.0.4
postgresql postgresql 9.0.5
postgresql postgresql 9.0.6
postgresql postgresql 9.0.7
postgresql postgresql 9.0.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "965E1A9D-BB23-4C0B-A9CA-54A1855055B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F37C66-0AFE-4D59-8867-BDBCE656774E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "F17D9158-E85A-4436-9180-E8546CF8F290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CBBE6E-8FDA-46AD-96A9-8C6CFFE97ABC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C9F0AB-A125-4DCD-A02B-E04D4D95FB5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF13F89-F4C3-43EC-A36A-2F9283E923B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2631F09-73DD-4A28-8082-3939D89DDBE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "82DDE9E7-EBF9-452B-8380-F9E87CF30ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BAE68CF-198D-4F01-92F3-4DED7E50ACA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF798CBC-C8BB-4F88-A927-B385A0DD8F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF8F568F-7D23-4553-95C5-C7C6B6584EB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DB64EA-DE7B-4CA4-8121-90612409152D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A932403-9187-471B-BE65-4B6907D57D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC6D76B-EF54-4F03-84BB-4CEAE31C4FFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4CDA93-AEF6-489E-A5A1-BDC62BC9707B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "6866FCCB-1E43-4D8A-BC89-F06CB7A904B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "047926F2-846A-4870-9640-9A4F2804D71B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0165D8-0BFA-4D46-95A3-45A03DC086FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue."
    },
    {
      "lang": "es",
      "value": "El soporte libxslt en contrib/xml2 en PostgreSQL v8.3 anteriores a v8.3.20, v8.4 anteriores a v8.4.13, v9.0 anteriores a v9.0.9, y v9.1 anteriores a v9.1.5 no restringe el acceso de forma adecuada a ficheros y URLs, lo que permite a atacantes remotos modificar datos y obtener informaci\u00f3n sensible, o provocar tr\u00e1fico fuera de los l\u00edmites a host externos mediante el aprovechamiento de (1)comandos de hoja de estilo que son permitir\u00e1s por la opci\u00f3n de seguridad de libxslt o (2) la funcionalidad xslt_process, relacionada con la funcionalidad XML External Entity (tambi\u00e9n conocida como XXE)."
    }
  ],
  "id": "CVE-2012-3488",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-03T21:55:00.753",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1264.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50635"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50636"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50718"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50859"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50946"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2534"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/about/news/1407/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/support/security/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/55072"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1542-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1264.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50718"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/about/news/1407/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.postgresql.org/support/security/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1542-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=849172"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.