Download
| Alert*
|
oval:org.secpod.oval:def:1954
The host is installed with Apache CouchDB 0.8.0 through 1.0.1 and is prone to multiple cross site scripting vulnerabilities. Multiple flaws are present in the application, which fail to validate user supplied input. Successful exploitation could allow an attacker to inject arbitrary code. oval:org.secpod.oval:def:1956 The host is installed with Apache CouchDB 0.8.0 through 1.0.1 and is prone to multiple cross site scripting vulnerabilities. Multiple flaws are present in the application, which fail to validate user supplied input. Successful exploitation could allow an attacker to inject arbitrary code. oval:org.secpod.oval:def:1901157 Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for "roles" used for access control within the database, including the special case "_admin" role, th ... oval:org.secpod.oval:def:113731 Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a table-ori ... oval:org.secpod.oval:def:113742 Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API. Among other features, it provides robust, incremental replication with bi-directional conflict detection and resolution, and is queryable and indexable using a table-ori ... oval:org.secpod.oval:def:1901501 CouchDB administrative users can configure the database server via HTTP. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary s ... |
