Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6796.PRM
HistoryMay 08, 2013 - 12:00 a.m.

Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities

2013-05-0800:00:00
Tenable
www.tenable.com
14

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.058 Low

EPSS

Percentile

93.4%

JSON

The remote host is running CouchDB, a document-oriented database.

Versions of CouchDB earlier than 1.0.4, 1.1.x earlier than 1.1.2 or 1.2.x earlier than 1.2.1. It is therefore potentially affected by the following vulnerabilities :

  • An unspecified error exists in the included MochiWeb HTTP library that can allow access to arbitrary files via directory traversal attacks. Note that reportedly, this issue only affects installs on Windows hosts. (CVE-2012-5641)

  • An error related to JSONP callbacks can allow an unspecified cross-site scripting attack. (CVE-2012-5649)

  • An input validation error exists related to unspecified query parameters and the Futon UI that can allow DOM-based cross-site scripting attacks. (CVE-2012-5650)

Binary data 6796.prm
VendorProductVersionCPE
apachecouchdbcpe:/a:apache:couchdb

Related

nessus 6
securityvulns 4
openvas 5
fedora 2
prion 3
ubuntucve 3
cvelist 3
cve 3
nvd 3
freebsd 1
nessus
nessus
Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities
2013-05-08 00:00:00
Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities
2013-01-22 00:00:00
Fedora 17 : couchdb-1.2.1-2.fc17 (2013-1387)
2013-02-04 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-01-14 00:00:00
CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI
2013-01-14 00:00:00
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows
2013-01-14 00:00:00
openvas
openvas
Fedora Update for couchdb FEDORA-2013-1375
2013-02-04 00:00:00
Fedora Update for couchdb FEDORA-2013-1387
2013-02-04 00:00:00
Fedora Update for couchdb FEDORA-2013-1387
2013-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: couchdb-1.2.1-2.fc17
2013-02-02 04:27:53
[SECURITY] Fedora 18 Update: couchdb-1.2.1-2.fc18
2013-02-02 04:25:54
prion
prion
Design/Logic Flaw
2014-05-23 14:55:00
Directory traversal
2014-03-18 17:02:00
Cross site scripting
2014-03-18 17:02:00
ubuntucve
ubuntucve
CVE-2012-5649
2014-05-23 00:00:00
CVE-2012-5650
2014-03-18 00:00:00
CVE-2012-5641
2014-03-18 00:00:00
cvelist
cvelist
CVE-2012-5649
2014-05-23 14:00:00
CVE-2012-5641
2014-03-18 14:00:00
CVE-2012-5650
2014-03-18 14:00:00
cve
cve
CVE-2012-5641
2014-03-18 17:02:49
CVE-2012-5650
2014-03-18 17:02:49
CVE-2012-5649
2014-05-23 14:55:07
nvd
nvd
CVE-2012-5649
2014-05-23 14:55:07
CVE-2012-5641
2014-03-18 17:02:49
CVE-2012-5650
2014-03-18 17:02:49
freebsd
freebsd
couchdb -- DOM based Cross-Site Scripting via Futon UI
2012-01-14 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.058 Low

EPSS

Percentile

93.4%

JSON
Related for 6796.PRM
nessus6securityvulns4openvas5fedora2prion3ubuntucve3cvelist3cve3nvd3freebsd1