Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-7485 - log back

CVE-2017-7485 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Man-in-the-middle

Description

+

A security issue has been found in the libpq component of PostgreSQL < 9.6.3, where the PGREQUIRESSL was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

References

+	https://www.postgresql.org/about/news/1746/

Notes