PostgreSQL Denial Of Service Vulnerability - Apr13 (Windows) Network Vulnerability

Summary

This host is installed with PostgreSQL and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to execute arbitary SQL query, gain access or manipulate arbitrary files, and cause denial of service. Impact Level: Application

Solution

Upgrade to PostgreSQL 9.0.13, 9.1.9, 9.2.4 or later, For updates refer to http://www.postgresql.org/download

Insight

Improper validation of connection request that contains database name begins with the '-' symbol

Affected

PostgreSQL version 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13

References

http://osvdb.org/91962
http://secunia.com/advisories/52837
http://securitytracker.com/id?1028387
http://www.postgresql.org/about/news/1456

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1899
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
F-PROT Antivirus Multiple Vulnerabilities
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability
Firefox XUL Parsing Denial of Service Vulnerability (Linux)

PostgreSQL Denial of Service Vulnerability - Apr13 (Windows)

Take action and discover your vulnerabilities