Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-5641
Last Modified: 31 May 2014 12:17:11
Published: 18 Mar 2014 01:02:49
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5641

Summary

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.

Vulnerable Systems

Application

  • Apache CouchDB 1.0.0
  • Apache CouchDB 1.0.1
  • Apache CouchDB 1.0.2
  • Apache CouchDB 1.0.3
  • Apache CouchDB 1.1.0
  • Apache CouchDB 1.1.1
  • Apache CouchDB 1.2.0
  • MochiWeb Project MochiWeb 2.1.0
  • MochiWeb Project MochiWeb 2.2.0
  • MochiWeb Project MochiWeb 2.2.1
  • MochiWeb Project MochiWeb 2.3.0
  • MochiWeb Project MochiWeb 2.3.1
  • MochiWeb Project MochiWeb 2.3.2


References

CONFIRM - https://github.com/mochi/mochiweb/issues/92

CONFIRM - https://github.com/melkote/mochiweb/commit/ac2bf

XF - apache-couchdb-dir-traversal(81240)

BID - 57313

FULLDISC - 20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows

SECUNIA - 51765


Last Updated: 27 May 2016 11:04:42