
Apache CouchDB <= 1.0.3, 1.1.x <= 1.1.1, 1.2.0 Directory Traversal Vulnerability CVE-2012-5641

Severity: Not available
CVSSv3 Score: Not available
Vulnerability description

Apache CouchDB is prone to a directory traversal vulnerability in the MochiWeb component.

Risk description

On Windows systems, a directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. A remote attacker could retrieve in binary form any CouchDB database, including the _users or _replication databases, or any other file on the local filesystem that the user account used to run CouchDB might have read access to.

Recommendation

Update to version 1.0.4, 1.1.2, 1.2.1 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 18, 2014
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available