ID de Prueba:	1.3.6.1.4.1.25623.1.0.105903
Categoría:	Databases
Título:	Apache CouchDB <= 1.0.3, 1.1.x <= 1.1.1, 1.2.0 Directory Traversal Vulnerability
Resumen:	Apache CouchDB is prone to a directory traversal vulnerability in; the MobchiWeb component.
Descripción:	Summary: Apache CouchDB is prone to a directory traversal vulnerability in the MobchiWeb component. Vulnerability Insight: On Windows systems there is a directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. Vulnerability Impact: A remote attacker could retrieve in binary form any CouchDB database, including the _users or _replication databases, or any other file that the user account used to run CouchDB might have read access to on the local filesystem. Affected Software/OS: Apache CouchDB version 1.0.3 and prior, 1.1.x through 1.1.1 and 1.2.0 on Windows. Solution: Update to version 1.0.4, 1.1.2, 1.2.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5641 BugTraq ID: 57313 http://www.securityfocus.com/bid/57313 http://seclists.org/fulldisclosure/2013/Jan/81 http://secunia.com/advisories/51765 XForce ISS Database: apache-couchdb-dir-traversal(81240) https://exchange.xforce.ibmcloud.com/vulnerabilities/81240
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.