Summary
CouchDB is prone to a security-bypass vulnerability because it compares message digests using a variable-time algorithm.
Successfully exploiting this issue allows an attacker to determine whether a forged digest is partially correct; repeated attacks will allow them to determine specific, legitimate digests.
Versions prior to CouchDB 0.11 are vulnerable.
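The following is an added example, not CouchDB's code and not part of the advisory: it contrasts an early-exit digest comparison, whose work depends on how many leading bytes of a wrong digest are correct, with a comparison that does the same work for every input. The key, message, choice of HMAC-SHA-256 and all function names are constructed for illustration, and the count of bytes examined stands in for elapsed time.

```python
import hashlib
import hmac

def variable_time_equal(expected, supplied):
    """Early-exit comparison. Returns (match, bytes_examined)."""
    if len(expected) != len(supplied):
        return False, 0
    examined = 0
    for a, b in zip(expected, supplied):
        examined += 1
        if a != b:                      # stops at the first wrong byte
            return False, examined
    return True, examined

def constant_time_equal(expected, supplied):
    """Accumulates differences over every byte before deciding."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, supplied):
        diff |= a ^ b                   # no branch on secret-dependent data
        examined += 1
    return diff == 0, examined

def verify(expected, supplied):
    """What production code should call: the standard-library primitive."""
    return hmac.compare_digest(expected, supplied)

# Constructed sample data (not taken from any real deployment).
KEY = b"constructed-demo-key"
MESSAGE = b"constructed-demo-message"
EXPECTED = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()   # 32 bytes

def wrong_digest_sharing_prefix(n):
    """Test input: first n bytes equal EXPECTED, the rest are inverted."""
    return EXPECTED[:n] + bytes(b ^ 0xFF for b in EXPECTED[n:])

def work_profile(compare):
    """Bytes examined for wrong digests with 0, 8, 16 and 31 correct bytes."""
    return [compare(EXPECTED, wrong_digest_sharing_prefix(n))[1]
            for n in (0, 8, 16, 31)]

if __name__ == "__main__":
    print("variable-time:", work_profile(variable_time_equal))
    print("constant-time:", work_profile(constant_time_equal))
```

The first profile grows with the number of correct leading bytes, which is the signal the advisory describes; the second is flat. Application code should rely on `hmac.compare_digest` rather than a hand-written loop.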
Solution
The vendor has released updates. Please see the references for details.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-0009
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
- IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability
- IBM DB2 OLAP Specification Query Denial of Service Vulnerability
- Oracle MySQL Multiple Unspecified vulnerabilities-03 July14 (Windows)
- Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows)