CVE-2011-2483

CVE Details

Release Date:2011-08-25

Description


crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

See more information about CVE-2011-2483 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 5 Base Metrics: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector: Network Attack Complexity: Low
Authentication: None required Confidentiality Impact: Partial
Integrity Impact: None Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Enterprise Linux version 4 (postgresql)ELSA-2011-13772011-10-17
Oracle Linux version 5 (php53)ELSA-2011-14232011-11-02
Oracle Linux version 5 (postgresql)ELSA-2011-13772011-10-17
Oracle Linux version 5 (postgresql84)ELSA-2011-13782011-10-17
Oracle Linux version 6 (php)ELSA-2011-14232011-11-02
Oracle Linux version 6 (postgresql)ELSA-2011-13772011-10-17



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete