oval:org.secpod.oval:def:1956
The host is installed with Apache CouchDB 0.8.0 through 1.0.1 and is prone to multiple cross-site scripting vulnerabilities. Multiple flaws are present in the application, which fails to validate user-supplied input. Successful exploitation could allow an attacker to inject arbitrary code.

oval:org.secpod.oval:def:1901157
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for "roles" used for access control within the database, including the special case "_admin" role, th ...

oval:org.secpod.oval:def:1901501
CouchDB administrative users can configure the database server via HTTP. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary s ...

oval:org.secpod.oval:def:1954
The host is installed with Apache CouchDB 0.8.0 through 1.0.1 and is prone to multiple cross-site scripting vulnerabilities. Multiple flaws are present in the application, which fails to validate user-supplied input. Successful exploitation could allow an attacker to inject arbitrary code.

CVE (1): CVE-2010-3854
CPE: cpe:/a:apache:couchdb:0.10.2

© SecPod Technologies