Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based PostgreSQL servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended client-hostname restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PostgreSQL NULL Character CA SSL资格确认安全绕过漏洞
Vulnerability Description
PostgreSQL 是一个自由的对象-关系数据库服务器(数据库管理系统)。 PostgreSQL不能正确处理一个X.509证书的主题Common Name (CN)字段中的区域名称中的一个"\0"字符, which (1)中间人攻击者可以借助一个合法资格权威发放的一个人工服务器骗取任意SSL-based PostgreSQL,并且(2)远程攻击者可以借助一个合法资格权威发放的一个人工客户资格绕过客户机-主机名称。
CVSS Information
N/A
Vulnerability Type
N/A