SSL/TLS Connection Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2017-7485
5.9 MEDIUM
Key Information:
- CVE Published: 12 May 2017
What is CVE-2017-7485?
This vulnerability allows an active Man-in-the-Middle (MitM) attacker to bypass SSL/TLS protection on connections to PostgreSQL servers. In specific versions of PostgreSQL, the PGREQUIRESSL environment variable does not enforce a secure connection, which could expose sensitive data to interception. Users of affected PostgreSQL versions should apply the necessary updates so that SSL/TLS connections are properly enforced and protected against potential exploits.
Affected Version(s)
PostgreSQL 9.3 - 9.6
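A client-side audit for the condition described above, as an added example that is not part of the original advisory: it classifies whether a libpq client configuration demands TLS explicitly or relies only on PGREQUIRESSL. `sslmode` and `PGSSLMODE` are libpq's standard TLS settings and are not named on this page; the function names and sample host names are made up for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# libpq sslmode values that refuse to fall back to plaintext
ENFORCING = {"require", "verify-ca", "verify-full"}
# keyword = value, where value may be single-quoted with backslash escapes
_PAIR = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|\S*)")

def conninfo_params(conninfo):
    """Parse a libpq keyword/value string or postgresql:// URI into a dict."""
    if conninfo.startswith(("postgresql://", "postgres://")):
        query = parse_qs(urlsplit(conninfo).query)
        return {k: v[-1] for k, v in query.items()}
    params = {}
    for key, val in _PAIR.findall(conninfo):
        if val.startswith("'"):
            val = re.sub(r"\\(.)", r"\1", val[1:-1])  # strip quotes, unescape
        params[key] = val
    return params

def tls_enforcement(env, conninfo=""):
    """Classify how a client configuration asks for TLS.

    explicit     - sslmode / PGSSLMODE demands TLS
    legacy-only  - only PGREQUIRESSL asks for TLS (the setting CVE-2017-7485 concerns)
    not-enforced - nothing demands TLS
    """
    # A connection-string sslmode takes precedence over the environment.
    mode = conninfo_params(conninfo).get("sslmode") or env.get("PGSSLMODE")
    if mode:
        return "explicit" if mode in ENFORCING else "not-enforced"
    if env.get("PGREQUIRESSL") == "1":
        return "legacy-only"
    return "not-enforced"

# Constructed sample configurations (not taken from the page)
SAMPLES = [
    ({"PGREQUIRESSL": "1"}, "host=db.example.internal dbname=app"),
    ({"PGREQUIRESSL": "1", "PGSSLMODE": "prefer"}, "host=db.example.internal"),
    ({}, "host=db.example.internal sslmode = 'verify-full'"),
    ({"PGREQUIRESSL": "1"}, "postgresql://app@db.example.internal/app?sslmode=require"),
]

if __name__ == "__main__":
    for env, conninfo in SAMPLES:
        print(f"{tls_enforcement(env, conninfo):13} env={env} conninfo={conninfo!r}")
```

Configurations reported as `legacy-only` are the ones to move to an explicit `sslmode`, in addition to applying the update.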