CVE-2018-10936

Name: CVE-2018-10936
Creator: NVD / NIST
Published: 2018-08-30T13:29:00.377+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.91%

Last modified Jun 17, 2026

CVE-2018-10936 is a vulnerability of currently unknown severity. A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. EPSS estimates a 2.91% chance of exploitation in the next 30 days.

Description

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

Metrics

EPSS Probability

2.91%

85.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Postgresql	Postgresql Jdbc Driver	< 42.2.5
Redhat	Enterprise Linux	6.0
Redhat	Enterprise Linux	7.0

References

http://www.securityfocus.com/bid/105220Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936Issue Tracking, Mitigation, Third Party Advisory
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://www.postgresql.org/about/news/1883/Vendor Advisory
http://www.securityfocus.com/bid/105220Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10936Issue Tracking, Mitigation, Third Party Advisory
https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
https://www.postgresql.org/about/news/1883/Vendor Advisory

Timeline

Published: Aug 30, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-10936?

How severe is CVE-2018-10936?

Severity scoring for CVE-2018-10936 is pending analysis. The EPSS model estimates a 2.91% probability of exploitation in the next 30 days.

How do I fix CVE-2018-10936?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-10936?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST