CVE-2012-5641
Apache CouchDB < 1.0.4, 1.1.x < 1.1.2, 1.2.x < 1.2.1 - Path Traversal via MochiWeb Partition2 Function
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.
References (6)
Core References
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/57313
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/81240
Exploit, Patch [x_refsource_confirm]: https://github.com/melkote/mochiweb/commit/ac2bf
Mailing List [mailing-list, x_refsource_fulldisc]: http://seclists.org/fulldisclosure/2013/Jan/81
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/51765
Issue Tracking [x_refsource_confirm]: https://github.com/mochi/mochiweb/issues/92
Scores
EPSS: 0.0895
EPSS Percentile: 94.6%
Details
CWE: CWE-22
Status: published
Products (13)
apache/couchdb 1.0.0
apache/couchdb 1.0.1
apache/couchdb 1.0.2
apache/couchdb 1.1.0
apache/couchdb 1.1.1
apache/couchdb 1.2.0
apache/couchdb < 1.0.3
mochiweb_project/mochiweb 2.1.0
mochiweb_project/mochiweb 2.2.0
mochiweb_project/mochiweb 2.2.1
... and 3 more
Published: Mar 18, 2014
Tracked Since: Feb 18, 2026