Summary
CouchDB is prone to a security-bypass vulnerability because it compares message digests using a variable-time algorithm.
Successfully exploiting this issue allows an attacker to determine whether a forged digest is partially correct; repeated attacks will allow them to determine specific, legitimate digests.
Versions prior to CouchDB 0.11 are vulnerable.
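The weakness class described above, shown as an added example that is not CouchDB's code or part of the original advisory: an early-exit comparison does work proportional to the length of the correct prefix, while a fixed-work comparison does not. The key, message, SHA-256 choice and function names are assumptions made for the illustration, and the byte counter stands in for elapsed time.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"          # constructed sample values
MESSAGE = b"constructed-demo-message"
EXPECTED = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()

def leaky_equal(a, b):
    """Variable-time pattern: stops at the first differing byte."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined

def constant_time_equal(a, b):
    """Fixed-work pattern: XOR-accumulates every byte before deciding."""
    if len(a) != len(b):
        return False, 0
    diff = examined = 0
    for x, y in zip(a, b):
        diff |= x ^ y
        examined += 1
    return diff == 0, examined

def work_profile(compare, expected):
    """Bytes examined for inputs whose first n bytes are correct (n = 0..len-1)."""
    profile = []
    for n in range(len(expected)):
        wrong = bytes([expected[n] ^ 0xFF])
        candidate = expected[:n] + wrong + bytes(len(expected) - n - 1)
        profile.append(compare(expected, candidate)[1])
    return profile

def verify(key, message, supplied):
    """What production code should call: the standard library's constant-time compare."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, supplied)

if __name__ == "__main__":
    print("early exit :", work_profile(leaky_equal, EXPECTED))
    print("fixed work :", work_profile(constant_time_equal, EXPECTED))
    print("verify ok  :", verify(KEY, MESSAGE, EXPECTED))
```

A flat work profile is the property to check for when reviewing any digest, token or signature comparison; in Python the reviewed call is `hmac.compare_digest`.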
Solution
The vendor has released updates. Please see the references for details.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-0009
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N