CouchDB Message Digest Verification Security Bypass Vulnerability Network Vulnerability

Summary

CouchDB is prone to a security-bypass vulnerability because it compares message digests using a variable time algorithm. Successfully exploiting this issue allows an attacker to determine if a forged digest is partially correct repeated attacks will allow them to determine specific, legitimate digests. Versions prior to CouchDB 0.11 are vulnerable.

Solution

The vendor has released updates. Please see the references for details.

References

http://couchdb.apache.org/
http://www.securityfocus.com/bid/39116

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0009

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Oracle MySQL Multiple Unspecified vulnerabilities - 02 May14 (Windows)
MySQL Unspecified vulnerabilities-01 July-2013 (Windows)
IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win)
Oracle Database 'XML DB component' Unspecified vulnerability
Oracle MySQL Multiple Unspecified vulnerabilities-01 Oct-2013 (Windows)

Take action and discover your vulnerabilities