CVE-2012-5641

Apache CouchDB < 1.0.4, 1.1.x < 1.1.2, 1.2.x < 1.2.1 - Path Traversal via MochiWeb Partition2 Function

Description

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57313
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81240
Exploit, Patch x_refsource_confirm
https://github.com/melkote/mochiweb/commit/ac2bf
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Jan/81
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51765
Issue Tracking x_refsource_confirm
https://github.com/mochi/mochiweb/issues/92

Scores

EPSS 0.0895
EPSS Percentile 94.6%

Details

CWE
CWE-22
Status published
Products (13)
apache/couchdb 1.0.0
apache/couchdb 1.0.1
apache/couchdb 1.0.2
apache/couchdb 1.1.0
apache/couchdb 1.1.1
apache/couchdb 1.2.0
apache/couchdb < 1.0.3
mochiweb_project/mochiweb 2.1.0
mochiweb_project/mochiweb 2.2.0
mochiweb_project/mochiweb 2.2.1
... and 3 more
Published Mar 18, 2014
Tracked Since Feb 18, 2026