Detections
Analytics
PostgreSQL 9.3 < 9.3.10 / 9.4 < 9.4.5 DoS
medium Nessus Network Monitor Plugin ID 9263
Synopsis
The database running on the remote server is affected by a denial of service vulnerability.Description
The version of PostgreSQL installed on the remote host is 9.3.x prior to 9.3.10, or 9.4.x prior to 9.4.5 and is affected by a denial of service (DoS) vulnerability. This may allow an authenticated attacker to cause the server to crash when handling the specially crafted JSON request.Solution
Upgrade to PostgreSQL 9.4.5, or later. If 9.4.x cannot be obtained, 9.3.10 is also patched for this vulnerability.See Also
http://www.postgresql.org/about/news/1615
http://seclists.org/bugtraq/2015/Oct/83
http://www.postgresql.org/docs/9.3/static/release-9-3-10.html
http://www.postgresql.org/docs/9.4/static/release-9-4-5.html
Plugin Details
Severity: Medium
ID: 9263
Family: Database
Published: 4/22/2016
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 6.2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:postgresql:postgresql
Patch Publication Date: 10/8/2015
Vulnerability Publication Date: 10/8/2015
Reference Information
CVE: CVE-2015-5289
BID: 77048