Apache CouchDB Cross Site Request Forgery Vulnerability Network Vulnerability

Summary

Apache CouchDB is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to gain unauthorized access to the affected application and perform certain actions in the context of the 'Futon' administration interface other attacks are also possible. Versions prior to CouchDB 0.11.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://couchdb.apache.org/
http://couchdb.apache.org/downloads.html
http://wiki.apache.org/couchdb/Breaking_changes
https://www.securityfocus.com/bid/42501

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2234
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Continuum Cross Site Scripting Vulnerability
Apache Open For Business HTML injection vulnerability
AdaptCMS 'init.php' Remote File Include Vulnerability
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
A Really Simple Chat Multiple XSS Vulnerabilities

Take action and discover your vulnerabilities