V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2015-3167
DEB
High

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses dif…

CVSS
7.5
High
EPSS
0.04
p89
Published
2015-01-01
Updated
2015-01-01
Description

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.

Tags · CWE
Pre-authInformation disclosure
CWE-200
CWE-209
CAPEC-7
CAPEC-13
CAPEC-22
CAPEC-54
CAPEC-59
CAPEC-60
CAPEC-79
CAPEC-116
CAPEC-169
CAPEC-215
CAPEC-224
CAPEC-285
CAPEC-287
CAPEC-290
CAPEC-291
CAPEC-292
CAPEC-293
CAPEC-294
CAPEC-295
CAPEC-296
CAPEC-297
CAPEC-298
CAPEC-299
CAPEC-300
CAPEC-301
CAPEC-302
CAPEC-303
CAPEC-304
CAPEC-305
CAPEC-306
CAPEC-307
CAPEC-308
CAPEC-309
CAPEC-310
CAPEC-312
CAPEC-313
CAPEC-317
CAPEC-318
CAPEC-319
CAPEC-320
CAPEC-321
CAPEC-322
CAPEC-323
CAPEC-324
CAPEC-325
CAPEC-326
CAPEC-327
CAPEC-328
CAPEC-329
CAPEC-330
CAPEC-463
CAPEC-472
CAPEC-497
CAPEC-508
CAPEC-573
CAPEC-574
CAPEC-575
CAPEC-576
CAPEC-577
CAPEC-616
CAPEC-643
CAPEC-646
CAPEC-651
Affected products
PostgresqlPostgresqlPostgresql-8.4Postgresql-8.4Postgresql-9.1Postgresql-9.1Postgresql-9.3Postgresql-9.4Postgresql-9.4Postgresql-9.4Postgresql-9.4Postgresql92-postgresqlPostgresql92-postgresqlPostgresql92-postgresqlPostgresql92-postgresqlPostgresql92-postgresqlRh-postgresql94-postgresqlRh-postgresql94-postgresqlRh-postgresql94-postgresqlRh-postgresql94-postgresql
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Timeline
2015-01-01
Published
2015-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.040 · p89
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-574 · CWE-200
└ via CAPEC-309 · CWE-200
└ via CAPEC-292 · CWE-200
└ via CAPEC-577 · CWE-200
└ via CAPEC-616 · CWE-200
└ via CAPEC-300 · CWE-200
└ via CAPEC-309 · CWE-200
└ via CAPEC-573 · CWE-200
└ via CAPEC-576 · CWE-200
└ via CAPEC-312 · CWE-200
└ via CAPEC-497 · CWE-200
└ via CAPEC-575 · CWE-200
└ via CAPEC-651 · CWE-200
└ via CAPEC-646 · CWE-200
└ via CAPEC-295 · CWE-200
└ via CAPEC-60 · CWE-200
└ via CAPEC-643 · CWE-200
└ via CAPEC-169 · CWE-200
└ via CAPEC-60 · CWE-200
└ via CAPEC-13 · CWE-200
└ via CAPEC-13 · CWE-200
└ via CAPEC-309 · CWE-200
└ via CAPEC-169 · CWE-200
└ via CAPEC-169 · CWE-200
└ via CAPEC-576 · CWE-200
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Debian LinuxPostgresql-9.1Postgresql-8.4Postgresql-9.4
Canonical
Ubuntu LinuxPostgresql-9.1Postgresql-9.3Postgresql-9.4
Red Hat
PostgresqlPostgresql92-postgresqlRh-postgresql94-postgresql
Postgresql
Postgresql
ProductVendorStatus
postgresqlTracked
postgresqlTracked
postgresql-8.4Tracked
postgresql-8.4Tracked
postgresql-9.1Tracked
postgresql-9.1Tracked
postgresql-9.3Tracked
postgresql-9.4Tracked
postgresql-9.4Tracked
postgresql-9.4Tracked
postgresql-9.4Tracked
postgresql92-postgresqlTracked
postgresql92-postgresqlTracked
postgresql92-postgresqlTracked
postgresql92-postgresqlTracked
postgresql92-postgresqlTracked
rh-postgresql94-postgresqlTracked
rh-postgresql94-postgresqlTracked
rh-postgresql94-postgresqlTracked
rh-postgresql94-postgresqlTracked
Showing first 20 of 24
Source databases
DEB
CVE
RED
UBU