Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-1618

Опубликовано: 25 мар. 2012
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

Отчет

The upstream development team of the JDBC driver for the PostgreSQL database does not consider improper escaping of certain JDBC statement / query parameters, when the JDBC driver of version older than the version of underlying PostgresSQL server is being used, to be a security defect. In general, the JDBC driver for the PostgreSQL database does not promise to work with server releases newer than the driver release. The Red Hat Security Response Team agrees with their assessment and so does not consider this to be a security flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5postgresql-jdbcNot affected
Red Hat Enterprise Linux 6postgresql-jdbcNot affected

Показывать по

Ссылки на источники

Дополнительная информация

https://bugzilla.redhat.com/show_bug.cgi?id=807394postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters

EPSS

Процентиль: 79%
0.01331
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-1618

ubuntu
больше 12 лет назад

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

nvd логотип

CVE-2012-1618

nvd
больше 12 лет назад

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to perform SQL injection attacks. NOTE: as of 20120330, it was claimed that the upstream developer planned to dispute this issue, but an official dispute has not been posted as of 20121005.

debian логотип

CVE-2012-1618

debian
больше 12 лет назад

Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...

github логотип

GHSA-h86w-m5rm-xr33

github
около 3 лет назад

Unescaped parameters in the PostgreSQL JDBC driver

EPSS

Процентиль: 79%
0.01331
Низкий

5 Medium

CVSS2