Vulnerability identifier: #VU62716
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Postgresql JDBC Driver
Universal components / Libraries /
Libraries used by multiple products
Vendor: PostgreSQL Global Development Group
Description
The vulnerability allows a remote attacker to create arbitrary files on the system.
The vulnerability exists due to insufficient validation of user-supplied input when handling jdbc URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.
Successful exploitation of the vulnerability may allow an attacker to create and executable arbitraru JSP file under a Tomcat web root.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Postgresql JDBC Driver: 42.3.0 - 42.3.2, 42.2.0 - 42.2.25, 42.1.0 - 42.1.4
External links
http://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8
http://jdbc.postgresql.org/documentation/changelog.html#version_42.3.3
http://github.com/pgjdbc/pgjdbc/pull/2454/commits/017b929977b4f85795f9ad2fa5de6e80978b8ccc
http://jdbc.postgresql.org/documentation/head/tomcat.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.