Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PostgreSQL Improper Certificate Validation Vulnerability (CVE-2012-0867)

Description

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

Remediation

References

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2009-0754)

WordPress Plugin WTI Like Post SQL Injection (1.4.2)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-48110)

WordPress Plugin TI WooCommerce Wishlist Security Bypass (1.21.11)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)

Severity

Medium

Classification

CVE-2012-0867 CWE-295

Tags

Missing Update Known Vulnerabilities