Directory Traversal Vulnerability in MochiWeb Affecting Apache CouchDB
CVE-2012-5641

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb; Mochiweb
Vendor: CVE Published:; 18 March 2014

Summary

A directory traversal vulnerability exists in the partition2 function of mochiweb_util.erl in MochiWeb versions prior to 2.4.0. This vulnerability impacts Apache CouchDB versions earlier than 1.0.4 and also affects 1.1.x and 1.2.x versions prior to their respective updates. By exploiting this flaw, remote attackers can manipulate the URI to access arbitrary files on the server, facilitated by the use of unescaped backslashes. This concern highlights the need for robust input validation and security measures within web applications.

References

http://www.securityfocus.com/bid/57313

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2013/Jan/81

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/51765

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 18, 2014
Vulnerability Reserved
Oct 24, 2012