CouchDB Message Digest Verification Security Bypass Vulnerability Network Vulnerability

Summary

CouchDB is prone to a security-bypass vulnerability because it compares message digests using a variable time algorithm. Successfully exploiting this issue allows an attacker to determine if a forged digest is partially correct repeated attacks will allow them to determine specific, legitimate digests. Versions prior to CouchDB 0.11 are vulnerable.

Solution

The vendor has released updates. Please see the references for details.

References

http://couchdb.apache.org/
http://www.securityfocus.com/bid/39116

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0009
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Oracle MySQL Multiple Unspecified vulnerabilities-04 Feb15 (Windows)
MySQL mysqlhotcopy script insecure temporary file
MySQL Authentication Error Message User Enumeration Vulnerability
Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities-01 Oct-2013 (Windows)

Take action and discover your vulnerabilities