CVE-2010-3854: XSS
First published: Wed Feb 02 2011(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CouchDB | =0.9.0 | |
| Apache CouchDB | =0.11.1 | |
| Apache CouchDB | =0.9.1 | |
| Apache CouchDB | =1.0.1 | |
| Apache CouchDB | =0.11.0 | |
| Apache CouchDB | =0.10.2 | |
| Apache CouchDB | =1.0.0 | |
| Apache CouchDB | =0.8.1 | |
| Apache CouchDB | =0.10.1 | |
| Apache CouchDB | =0.9.2 | |
| Apache CouchDB | =0.11.2 | |
| Apache CouchDB | =0.10.0 | |
| Apache CouchDB | =0.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/43111
- http://www.securitytracker.com/id?1025013
- http://www.securityfocus.com/bid/46066
- http://www.vupen.com/english/advisories/2011/0263
- http://osvdb.org/70734
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65050
- http://www.securityfocus.com/archive/1/516058/100/0/threaded
- http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E
Frequently Asked Questions
What are the consequences of CVE-2010-3854?
CVE-2010-3854 can result in remote attackers executing arbitrary web scripts or HTML leading to cross-site scripting (XSS) attacks.
How can I mitigate the risks associated with CVE-2010-3854?
To mitigate risks from CVE-2010-3854, it is essential to upgrade to a patched version of Apache CouchDB that addresses the cross-site scripting vulnerabilities.
Which versions of Apache CouchDB are affected by CVE-2010-3854?
CVE-2010-3854 affects Apache CouchDB versions from 0.8.0 up to and including 1.0.1.
Is CVE-2010-3854 a common vulnerability?
CVE-2010-3854 is a known vulnerability that falls under the category of cross-site scripting, which is prevalent in many web applications.
What should I do if my system is running a version affected by CVE-2010-3854?
If your system runs an affected version of Apache CouchDB, you should update to a secure version immediately to protect against potential XSS attacks.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- vendor/apache
- canonical/apache couchdb
- version/apache couchdb/0.9.0
- version/apache couchdb/0.11.1
- version/apache couchdb/0.9.1
- version/apache couchdb/1.0.1
- version/apache couchdb/0.11.0
- version/apache couchdb/0.10.2
- version/apache couchdb/1.0.0
- version/apache couchdb/0.8.1
- version/apache couchdb/0.10.1
- version/apache couchdb/0.9.2
- version/apache couchdb/0.11.2
- version/apache couchdb/0.10.0
- version/apache couchdb/0.8.0