Remote Information Disclosure in Apache CouchDB by Measuring Operation Times
CVE-2010-0009
Currently unrated
Summary
Apache CouchDB versions 0.8.0 to 0.10.1 are susceptible to a timing attack that allows remote attackers to gain access to sensitive information. By measuring how long operations that verify hashes or passwords take to complete, an attacker can infer the underlying data. The affected versions need protection against timing-related data leaks in these verification operations.
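The leak class described above, as an added illustration (not CouchDB's code, which is written in Erlang): an early-exit comparison does work proportional to the length of the matching prefix, while a constant-time comparison does the same work for every input. The function names and the stored hash are constructed for this example, and the count of bytes examined stands in for measured time.

```python
import hashlib
import hmac

def leaky_equal(a: bytes, b: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:               # stops at the first mismatch: work depends on the secret
            return False, examined
    return True, examined

def constant_time_equal(a: bytes, b: bytes):
    """Accumulates differences over every byte. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y            # no branch on secret data
    return diff == 0, examined

def verify(stored: bytes, supplied: bytes) -> bool:
    """What a Python service should call: the standard library's constant-time compare."""
    return hmac.compare_digest(stored, supplied)

def flip(value: bytes, i: int) -> bytes:
    """Copy of value with the byte at index i changed."""
    return value[:i] + bytes([value[i] ^ 1]) + value[i + 1:]

def work_profile(compare, stored, guesses):
    """Bytes examined per guess; a flat profile means nothing to measure."""
    return [compare(stored, g)[1] for g in guesses]

# Constructed sample data: a 40-character hex digest and four candidate values.
STORED = hashlib.sha1(b"constructed-salt" + b"constructed-password").hexdigest().encode()
GUESSES = [flip(STORED, 0), flip(STORED, 10), flip(STORED, 39), STORED]

if __name__ == "__main__":
    print("early-exit   :", work_profile(leaky_equal, STORED, GUESSES))
    print("constant-time:", work_profile(constant_time_equal, STORED, GUESSES))
```
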