cve/2012/CVE-2012-0867.md

### [CVE-2012-0867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/Furious992/HW13-01
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Zhivarev/13-01-hw
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/mrt2h/DZ
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/zzzWTF/db-13-01
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2012-0867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0867)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### Description`

			`PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/DButter/whitehat_public`
			`- https://github.com/Dokukin1/Metasploitable`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/Furious992/HW13-01`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/Iknowmyname/Nmap-Scans-M2`
			`- https://github.com/NikulinMS/13-01-hw`
			`- https://github.com/Zhivarev/13-01-hw`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/lekctut/sdb-hw-13-01`
			`- https://github.com/mrt2h/DZ`
			`- https://github.com/pedr0alencar/vlab-metasploitable2`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems`
			`- https://github.com/zzzWTF/db-13-01`