CVE-2020-9041
First published: Mon Jun 08 2020(Updated: )
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Couchbase Couchbase Server | =6.0.3 | |
| Couchbase Sync Gateway | <=2.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Couchbase Server and Sync Gateway vulnerability?
The vulnerability ID for this Couchbase Server and Sync Gateway vulnerability is CVE-2020-9041.
What is the title of this vulnerability?
The title of this vulnerability is 'In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0 the Cluster management views quer…'
Which components are affected by this vulnerability?
Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0 are affected by this vulnerability.
What is the severity of CVE-2020-9041 vulnerability?
The severity of the CVE-2020-9041 vulnerability is high, with a CVSS severity score of 7.5.
How can I fix the CVE-2020-9041 vulnerability?
To fix the CVE-2020-9041 vulnerability, update to the latest version of Couchbase Server and Couchbase Sync Gateway.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/couchbase
- canonical/couchbase couchbase server
- version/couchbase couchbase server/6.0.3
- canonical/couchbase sync gateway
- version/couchbase sync gateway/2.7.0