Detections
Analytics
CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery
medium Nessus Network Monitor Plugin ID 5642
Synopsis
The remote database server is vulnerable to a cross-site request forgery attack.Description
The remote host is running CouchDB, a document-oriented database.Versions of CouchDB earlier than 0.11.2 are potentially affected by a cross-site request forgery vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon administrative interface.
remote attacker could exploit this to execute arbitrary script code in the security context of CouchDB's admin interface.
Solution
Upgrade to CouchDB 0.11.2 or later.See Also
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0200.html
Plugin Details
Severity: Medium
ID: 5642
Family: Database
Published: 8/17/2010
Updated: 3/6/2019
Nessus ID: 48382
Risk Information
VPR
Risk Factor: Medium
Score: 5.8
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.6
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 5.2
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:apache:couchdb
Patch Publication Date: 8/17/2010
Vulnerability Publication Date: 8/17/2010
Reference Information
CVE: CVE-2010-2234
BID: 42501