Apache CouchDB Cross Site Request Forgery Vulnerability Network Vulnerability

Summary

Apache CouchDB is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to gain unauthorized access to the affected application and perform certain actions in the context of the 'Futon' administration interface other attacks are also possible. Versions prior to CouchDB 0.11.1 are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://couchdb.apache.org/
http://couchdb.apache.org/downloads.html
http://wiki.apache.org/couchdb/Breaking_changes
https://www.securityfocus.com/bid/42501

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2234

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities