CVE-2017-7513 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2017-7513

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

Published: Aug 22, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-7513
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
redhat / satellite	5.0	5.0.x
redhat / satellite	5.7	5.7.x
redhat / satellite	5.6	5.6.x
redhat / satellite	5.8	5.8.x
redhat / satellite	5.5	5.5.x
redhat / satellite	5.4.1	5.4.1.x
redhat / satellite	5.4	5.4.x
redhat / satellite	5.3	5.3.x
redhat / satellite	5.2	5.2.x
redhat / satellite	5.1.1	5.1.1.x