Description

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Remediation

References

CVE-2014-8161

Related Vulnerabilities

WordPress Plugin Newsletters Multiple Vulnerabilities (4.6.5.3)

WebLogic CVE-2017-10352 Vulnerability (CVE-2017-10352)

Oracle Application Server Other Vulnerability (CVE-2002-0560)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9476)

MongoDb Improper Input Validation Vulnerability (CVE-2014-3971)

Severity

Medium

Classification

CVE-2014-8161 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities