Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

PostgreSQL Man In The Middle (MITM) Vulnerability - May17 (Linux)

Information

Severity

Severity

Medium

Family

Family

Databases

CVSSv2 Base

CVSSv2 Base

4.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

4 years ago

Share

Summary

This host is running PostgreSQL and is prone to a man-in-the-middle attack vulnerability.

Insight

Insight

The flaw exists due to an error in the 'libpq' component of PostgreSQL, where the 'PGREQUIRESSL' environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server.

Affected Software

Affected Software

PostgreSQL version 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 on Linux.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Upgrade to PostgreSQL version 9.3.17 or 9.4.12 or 9.5.7 or 9.6.3 or later.

Common Vulnerabilities and Exposures (CVE)

References