Vulnerability Details: CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
Products affected by CVE-2013-1900
- cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:8.4.16:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Threat overview for CVE-2013-1900
Top countries where our scanners detected CVE-2013-1900
Top open port discovered on systems with this issue: 5432
IPs affected by CVE-2013-1900: 31,470
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-1900
0.83%: Probability of exploitation activity in the next 30 days
~80%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1900
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C | 6.8 | 10.0 | NIST | |
CWE ids for CVE-2013-1900
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1900
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
  [security-announce] openSUSE-SU-2013:0628-1: important: postgresql92: Va
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
  [SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
  [security-announce] openSUSE-SU-2013:0635-1: important: postgresql: secu
- http://www.postgresql.org/docs/current/static/release-9-2-4.html
  PostgreSQL: Documentation: 9.2: Release 9.2.4
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
  mandriva.com
- http://www.debian.org/security/2013/dsa-2658
  Debian -- Security Information -- DSA-2658-1 postgresql-9.1
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
  Oracle Critical Patch Update - October 2017
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
  [security-announce] openSUSE-SU-2013:0627-1: important: postgresql91 to
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
  [SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
- http://support.apple.com/kb/HT5880
  About the security content of OS X Mountain Lion v10.8.5 and Security Update 2013-004 - Apple Support
- http://www.debian.org/security/2013/dsa-2657
  Debian -- Security Information -- DSA-2657-1 postgresql-8.4
- http://www.ubuntu.com/usn/USN-1789-1
  USN-1789-1: PostgreSQL vulnerabilities | Ubuntu security notices
- http://support.apple.com/kb/HT5892
  About the security content of OS X Server v2.2.2 - Apple Support
- http://www.postgresql.org/docs/current/static/release-9-1-9.html
  PostgreSQL: Documentation: 9.1: Release 9.1.9
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
  [security-announce] SUSE-SU-2013:0633-1: important: Security update for
- http://www.postgresql.org/docs/current/static/release-9-0-13.html
  PostgreSQL: Documentation: 9.0: Release 9.0.13
- http://www.postgresql.org/about/news/1456/
  PostgreSQL: PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-1475.html
  RHSA-2013:1475 - Security Advisory - Red Hat Customer Portal
- http://www.postgresql.org/docs/current/static/release-8-4-17.html
  PostgreSQL: Documentation: 8.4: Release 8.4.17
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
  Apple - Lists.apple.com
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
  Apple - Lists.apple.com