Cross-Site Request Forgery in Apache CouchDB Affecting Multiple Versions
CVE-2010-2234

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 19 August 2010

What is CVE-2010-2234?

A cross-site request forgery vulnerability exists in Apache CouchDB versions 0.8.0 through 0.11.0. This flaw allows remote attackers to exploit the authentication mechanisms of administrators, enabling them to issue unauthorized requests to the installation URL. As a result, administrators could be misled into performing malicious actions, potentially compromising the integrity and security of the CouchDB installation.

References

http://seclists.org/fulldisclosure/2010/Aug/199

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/513174/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://bugzilla.redhat.com/show_bug.cgi?id=624764

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2010
Vulnerability Reserved
Jun 9, 2010