N/A

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

N/A

对宿主不匹配的证书验证不恰当

postgresql-jdbc 安全漏洞

postgresql-jdbc是一个数据库驱动程序。 postgresql-jdbc 42.2.5之前版本中存在安全漏洞，该漏洞源于Postgres JDBC驱动程序在默认情况下没有检验主机名称。攻击者可通过向错误的主机提交证书利用该漏洞伪造可信的服务器。

N/A

N/A