CVE-2017-7485

CVE-2017-7485

Vendor The Postgresql Global Development Group
Product PostgreSQL
Weakness CWE-390
Published May 12, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.

Key dates

02Disclosure timeline

May 12, 2017 CVE published
August 5, 2024 Record updated