CVE-2010-0009
Apache CouchDB 0.8.0-0.10.1 - Timing Attack Exposure of Sensitive Information via Hash and Password Verification
Title source: llmDescription
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39116
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=578572
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/510427/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39146
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html
Patch, Vendor Advisory x_refsource_confirm
http://couchdb.apache.org/security.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/63350
Scores
EPSS
0.0535
EPSS Percentile
91.7%
Details
CWE
CWE-200
Status
published
Products (7)
apache/couchdb
0.8.0
apache/couchdb
0.8.1
apache/couchdb
0.9.0
apache/couchdb
0.9.1
apache/couchdb
0.9.2
apache/couchdb
0.10.0
apache/couchdb
0.10.1
Published
Apr 05, 2010
Tracked Since
Feb 18, 2026