Improper input validation in Opensuse_project Opensuse
CVE-2012-0867
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.019 (83.5th percentile)
Affected products
- Opensuse_project Opensuse — versions 12.2
- Postgresql — versions 8.4, 8.4.1, 8.4.2
- Debian Debian_linux — versions 6.0
- Redhat Desktop_workstation — versions 5
- Redhat Enterprise_linux — versions 5.0
- Redhat Enterprise_linux_desktop — versions 5.0, 6.0
- Redhat Enterprise_linux_hpc_node — versions 6.0
- Redhat Enterprise_linux_server — versions 6.0
- Redhat Enterprise_linux_server_aus — versions 6.2
- Redhat Enterprise_linux_server_eus — versions 6.2.z
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- 49273 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2012:0678 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- MDVSA-2012:026 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
- secalert@redhat.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
- DSA-2418 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- openSUSE-SU-2012:1173 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2012-0867?
- CVE-2012-0867 is a vulnerability in Opensuse_project Opensuse, classified under Improper Input Validation. Published 2012-07-18.
- Is CVE-2012-0867 known to be exploited?
- 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.