CVE-2010-0009

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 5 April 2010

Summary

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

References

http://www.securityfocus.com/bid/39116

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=578572

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/510427/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Apr 5, 2010
Vulnerability Reserved
Dec 14, 2009