HomePentest-Tools.com Logo

Apache CouchDB <= 1.0.3, 1.1.x <= 1.1.1, 1.2.0 Directory Traversal Vulnerability CVE-2012-5641

Not available
CVSSv3 Score
Not available
Vulnerability description

Apache CouchDB is prone to a directory traversal vulnerability in the MobchiWeb component.

Risk description

On Windows systems there is a directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. A remote attacker could retrieve in binary form any CouchDB database, including the _users or _replication databases, or any other file that the user account used to run CouchDB might have read access to on the local filesystem.


Update to version 1.0.4, 1.1.2, 1.2.1 or later.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Mar 18, 2014
Detection added at
Software Type
Not available
Not available
Not available