Description

The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.

Remediation

References

CVE-2009-3231

Related Vulnerabilities

WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9582)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12718)

WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1967)

Severity

Medium

Classification

CVE-2009-3231 CWE-287

Tags

Missing Update Known Vulnerabilities