Denial of Service Vulnerability in Apache CouchDB by Remote Attackers
CVE-2014-2668

Currently unrated

Key Information:

Vendor: Apache
Status: Couchdb
Vendor: CVE Published:; 28 March 2014

Summary

Apache CouchDB versions 1.5.0 and earlier are susceptible to a denial of service attack. This vulnerability allows remote attackers to exploit the 'count' parameter in the /_uuids endpoint, leading to excessive CPU and memory consumption. By manipulating the request, attackers can disrupt normal operations, rendering the database unavailable to legitimate users. Organizations using affected versions of CouchDB should upgrade to the latest version to safeguard against this issue.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/92161

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/66474

vdb-entryx_refsource_BID

http://secunia.com/advisories/57572

third-party-advisoryx_refsource_SECUNIA

EPSS Score

44% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 28, 2014
Vulnerability Reserved
Mar 28, 2014