Description
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Aug/199
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/513174/100/0/threaded
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=624764
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/42501
Scores
EPSS
0.0183
EPSS Percentile
76.4%
Details
CWE
CWE-352
Status
published
Products (8)
apache/couchdb
0.8.0
apache/couchdb
0.8.1
apache/couchdb
0.9.0
apache/couchdb
0.9.1
apache/couchdb
0.9.2
apache/couchdb
0.10.0
apache/couchdb
0.10.1
apache/couchdb
0.11.0
Published
Aug 19, 2010
Tracked Since
Feb 18, 2026