First published: Wed Mar 31 2010(Updated: )
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache CouchDB | =0.9.0 | |
Apache CouchDB | =0.9.1 | |
Apache CouchDB | =0.8.1 | |
Apache CouchDB | =0.10.1 | |
Apache CouchDB | =0.9.2 | |
Apache CouchDB | =0.10.0 | |
Apache CouchDB | =0.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-0009 is classified as a medium severity vulnerability due to its potential for data exposure via timing attacks.
To mitigate CVE-2010-0009, upgrade to Apache CouchDB version 0.11.0 or later which addresses the timing attack flaw.
CVE-2010-0009 affects Apache CouchDB versions 0.8.0 through 0.10.1.
Yes, CVE-2010-0009 can allow remote attackers to glean sensitive information by analyzing the completion timing of certain operations.
Yes, the latest version 0.11.0 of Apache CouchDB includes a patch for the vulnerabilities described in CVE-2010-0009.