Vulnerabilities > Apache > Couchdb > 0.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-28 | CVE-2014-2668 | Improper Input Validation vulnerability in Apache Couchdb Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids. | 5.0 |
2014-03-18 | CVE-2012-5641 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. | 5.0 |
2010-08-19 | CVE-2010-2234 | Cross-Site Request Forgery (CSRF) vulnerability in Apache Couchdb Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. | 6.8 |
2010-04-05 | CVE-2010-0009 | Information Exposure vulnerability in Apache Couchdb Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. | 4.3 |