Apache CouchDB Cross Site Request Forgery Vulnerability Network Vulnerability

Summary

Apache CouchDB is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to gain unauthorized access to the affected application and perform certain actions in the context of the 'Futon' administration interface other attacks are also possible. Versions prior to CouchDB 0.11.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://couchdb.apache.org/
http://couchdb.apache.org/downloads.html
http://wiki.apache.org/couchdb/Breaking_changes
https://www.securityfocus.com/bid/42501

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2234

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A Really Simple Chat Multiple XSS Vulnerabilities
7Media Web Solutions EduTrac Directory Traversal Vulnerability
/doc directory browsable ?
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities