Remote Code Execution Vulnerability in Apache CouchDB by Adobe Flash
CVE-2012-5649

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 23 May 2014

Summary

Apache CouchDB versions before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 are susceptible to a remote code execution vulnerability. This issue arises from improper handling of JSONP callbacks, enabling attackers to execute arbitrary code via a crafted request. The vulnerability is particularly concerning due to its association with Adobe Flash, which can be exploited by adversaries to compromise the integrity and security of affected systems.

References

http://www.securityfocus.com/bid/57314

vdb-entryx_refsource_BID

http://secunia.com/advisories/51765

third-party-advisoryx_refsource_SECUNIA

http://archives.neohapsis.com/archives/bugtraq/2013-01/00...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 23, 2014
Vulnerability Reserved
Oct 24, 2012