CVE-2018-10936
Published: 2018-08-30
Priority: P3 41, high, 8.1 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.91% (85.2th percentile)
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
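A configuration audit for the condition described above, as an added example that is not part of the advisory or the driver's code. It assumes the connection settings are carried in the JDBC URL and uses the pgjdbc connection parameters `sslfactory` and `sslhostnameverifier`, which the advisory text does not name; the hosts and class names are constructed.

```python
from urllib.parse import urlsplit, parse_qs

FIXED = (42, 2, 5)  # first fixed postgresql-jdbc release, per the advisory


def parse_version(text):
    """'42.2.4' -> (42, 2, 4); stops at a non-numeric part such as 'jre7'."""
    parts = []
    for piece in text.split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def jdbc_params(url):
    """Return the connection parameters carried in a PostgreSQL JDBC URL."""
    if not url.startswith("jdbc:postgresql:"):
        raise ValueError("not a PostgreSQL JDBC URL: %r" % url)
    query = urlsplit(url[len("jdbc:"):]).query
    return {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}


def audit(url, driver_version):
    """Classify one (URL, driver version) pair against the advisory's condition."""
    params = jdbc_params(url)
    if parse_version(driver_version) >= FIXED:
        return "fixed-version"
    # Advisory condition: an SSL factory is supplied, no host name verifier is.
    if params.get("sslfactory") and not params.get("sslhostnameverifier"):
        return "exposed"
    return "condition-not-met"


# Constructed sample inventory (hypothetical hosts and class names).
BASE = "jdbc:postgresql://db1.example.internal:5432/app?ssl=true"
SAMPLES = [
    (BASE + "&sslfactory=com.example.TrustStoreFactory", "42.2.4"),
    (BASE + "&sslfactory=com.example.TrustStoreFactory"
            "&sslhostnameverifier=com.example.StrictVerifier", "42.2.4"),
    (BASE + "&sslfactory=com.example.TrustStoreFactory", "42.2.5.jre7"),
]

if __name__ == "__main__":
    for url, version in SAMPLES:
        print(audit(url, version), version, url)
```

A result of `condition-not-met` on a pre-42.2.5 driver only means the URL does not match the advisory's wording; settings passed through a `Properties` object are not visible to this check.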
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libpgjava | < libpgjava 42.2.5-1 (bookworm) | libpgjava 42.2.5-1 (bookworm) |
| postgresql | postgresql_jdbc_driver | < 42.2.5 | 42.2.5 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| sympa | sympa | >= 0 < 6.1.17~dfsg-1ubuntu0.1~esm1 | 6.1.17~dfsg-1ubuntu0.1~esm1 |
| sympa | sympa | >= 0 < 6.1.24~dfsg-1ubuntu0.1~esm1 | 6.1.24~dfsg-1ubuntu0.1~esm1 |
| sympa | sympa | >= 0 < 6.2.24~dfsg-1ubuntu0.1~esm1 | 6.2.24~dfsg-1ubuntu0.1~esm1 |
| sympa | sympa | >= 0 < 6.2.40~dfsg-4ubuntu0.20.04.1~esm1 | 6.2.40~dfsg-4ubuntu0.20.04.1~esm1 |
CVSS provenance
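| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 8.1 | HIGH | — |
| vendor_redhat | — | 8.1 | HIGH | — |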
Red Hat
PostgreSQL: Postgres JDBC driver does not perform host name validation by default
vendor_redhat·2018-08-27·CVSS 8.1
CVE-2018-10936 [HIGH] CWE-297 PostgreSQL: Postgres JDBC driver does not perform host name validation by default
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
Debian
CVE-2018-10936: libpgjava - A weakness was found in postgresql-jdbc before version 42.2.5. It was possible t...
vendor_debian·2018·CVSS 8.1
CVE-2018-10936 [HIGH] CVE-2018-10936: libpgjava - A weakness was found in postgresql-jdbc before version 42.2.5. It was possible t...
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
Scope: local
bookworm: resolved (fixed in 42.2.5-1)
bullseye: resolved (fixed in 42.2.5-1)
forky: resolved (fixed in 42.2.5-1)
sid: resolved (fixed in 42.2.5-1)
trixie: resolved (fixed in 42.2.5-1)
OSV
sympa vulnerabilities
osv·2021-03-15·CVSS 9.8
CVE-2020-10936 sympa vulnerabilities
USN-4442-1 fixed vulnerabilities in Sympa. This update provides the
corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu
20.04 ESM. Original advisory details:
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. This issue only affected Ubuntu 16.04
ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks. This issue only
OSV
sympa vulnerabilities
osv·2020-07-28·CVSS 9.8
CVE-2018-1000550 sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. (CVE-2018-1000550)
It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks.
(CVE-2018-1000671)
Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)
GHSA
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
ghsa·2018-10-19
CVE-2018-10936 [MEDIUM] CWE-297 Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
OSV
Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
osv·2018-10-19
CVE-2018-10936 [MEDIUM] Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
OSV
CVE-2018-10936: A weakness was found in postgresql-jdbc before version 42
osv·2018-08-30·CVSS 8.1
CVE-2018-10936 [HIGH] CVE-2018-10936: A weakness was found in postgresql-jdbc before version 42
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10936 postgresql-jdbc: PostgreSQL: Postgres JDBC driver does not perform host name validation by default [fedora-all]
bugzilla·2019-01-08·CVSS 8.1
CVE-2018-10936 [HIGH] CVE-2018-10936 postgresql-jdbc: PostgreSQL: Postgres JDBC driver does not perform host name validation by default [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOT
Bugzilla
CVE-2018-10936 PostgreSQL: Postgres JDBC driver does not perform host name validation by default
bugzilla·2018-08-24·CVSS 8.1
CVE-2018-10936 [HIGH] CVE-2018-10936 PostgreSQL: Postgres JDBC driver does not perform host name validation by default
# The Postgres JDBC driver does not perform hostname validation by default
## Vulnerability
* Product : PostgreSQL
* Component : client / JDBC Driver (Tested version:
org.postgresql:postgresql:jar:42.2.4)
* Common Weakness : 297 (Improper Validation of Certificate with Host
Mismatch)
The PostgreSQL JDBC driver (org.postgresql:postgresql) does not perform
hostname validation by default.
=> This means that SSL certificates of other hosts are blindly accepted as
long as they are trusted.
To exploit this vulnerability an attacker has to perform a
man-in-the-middle (MITM) attack between a Java application using the JDBC
driver and the PostgreSQL server it's connecting to.
=> TLS normally prote
http://www.securityfocus.com/bid/105220
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://www.postgresql.org/about/news/1883/