CVE-2016-0766

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
Severity
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
postgresqlpostgresql
9.1.0 ≤
𝑥
< 9.1.20
postgresqlpostgresql
9.2 ≤
𝑥
< 9.2.15
postgresqlpostgresql
9.3 ≤
𝑥
< 9.3.11
postgresqlpostgresql
9.4 ≤
𝑥
< 9.4.6
postgresqlpostgresql
9.5
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
debiandebian_linux
7.0
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
postgresql-9.1
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
Fixed 9.1.20-0ubuntu0.14.04
released
precise
Fixed 9.1.20-0ubuntu0.12.04
released
postgresql-9.3
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
Fixed 9.3.11-0ubuntu0.14.04
released
precise
dne
postgresql-9.4
zesty
dne
yakkety
dne
xenial
dne
wily
Fixed 9.4.6-0ubuntu0.15.10
released
vivid
ignored
trusty
dne
precise
dne
postgresql-9.5
zesty
dne
yakkety
not-affected
xenial
not-affected
wily
dne
vivid
dne
trusty
dne
precise
dne
Common Weakness Enumeration
References