漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
漏洞信息
N/A
漏洞
N/A
漏洞
PostgreSQL NULL Character CA SSL资格确认安全绕过漏洞
漏洞信息
PostgreSQL 是一个自由的对象-关系数据库服务器(数据库管理系统)。 PostgreSQL不能正确处理一个X.509证书的主题Common Name (CN)字段中的区域名称中的一个"\0"字符, which (1)中间人攻击者可以借助一个合法资格权威发放的一个人工服务器骗取任意SSL-based PostgreSQL,并且(2)远程攻击者可以借助一个合法资格权威发放的一个人工客户资格绕过客户机-主机名称。
漏洞信息
N/A
漏洞
N/A