A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HPostgreSQL Jdbc Driver
APPPostgresql< 42.2.5Red Hat Enterprise Linux
OSRedhat6.07.0
Related vulnerabilities
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the...
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variab...