ALPINE-CVE-2017-7485
PUBLISHED
CVSS 5.9 MEDIUM
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
Risk Scores
CVSS v3.0
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | postgresql15 | 0, 0, 0 |
| Alpine:v3.4 | postgresql | 8.4.2-r0, 8.4.2-r1, 8.4.3-r0 |
| Alpine:v3.7 | postgresql | 8.3.7-r2, 8.3.7-r0, 8.4.0-r1 |
| Alpine:v3.14 | postgresql | 9.0.1-r0, 8.4.4-r0, 8.4.3-r3 |
| Alpine:v3.3 | postgresql | 9.4.9-r0, 0, 8.3.5-r0 |
| Alpine:v3.16 | postgresql14 | 9.3.1-r0, 9.6.2-r4, 9.6.2-r3 |
| Alpine:v3.5 | postgresql | 9.0.2-r0, 9.3.0-r0, 9.3.0-r1 |
| Alpine:v3.19 | postgresql15 | 0, 0, 0 |
| Alpine:v3.12 | postgresql | 9.1.0-r0, 9.1.0-r1, 9.1.1-r0 |
| Alpine:v3.11 | postgresql | 8.4.2-r0, 9.3.4-r0, 9.5.4-r0 |
| Alpine:v3.13 | postgresql | 9.6.2-r3, 8.4.0-r2, 8.4.1-r0 |
| Alpine:v3.18 | postgresql15 | 0, 0, 0 |
| Alpine:v3.17 | postgresql14 | 0, 9.6.2-r4, 9.6.2-r3 |
| Alpine:v3.9 | postgresql | 8.4.3-r2, 0, 8.3.5-r0 |
| Alpine:v3.15 | postgresql14 | 0, 9.6.2-r4, 9.6.2-r3 |
| Alpine:v3.8 | postgresql | 0, 9.6.2-r4, 9.6.2-r3 |
| Alpine:v3.6 | postgresql | 9.1.2-r0, 9.1.1-r2, 9.1.0-r0 |
| Alpine:v3.18 | postgresql14 | 9.0.3-r1, 9.0.2-r0, 9.0.1-r0 |
| Alpine:v3.20 | postgresql15 | 0, 0, 0 |
| Alpine:v3.10 | postgresql | 9.0.2-r0, 9.0.3-r0, 9.0.3-r1 |
Timeline
- May 12, 2017 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch