CVE-2014-2668

Apache CouchDB < 1.5.0 - Denial of Service via /_uuids Count Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2668. PoCs published by Krusty Hack.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) in CouchDB by sending a maliciously large integer value in the 'count' parameter of the _uuids endpoint, causing excessive resource consumption.

Description

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Krusty Hack · textdosmultiple
https://www.exploit-db.com/exploits/32519

This exploit triggers a denial-of-service (DoS) in CouchDB by sending a maliciously large integer value in the 'count' parameter of the _uuids endpoint, causing excessive resource consumption.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apache CouchDB up to 1.5.0
No auth needed
Prerequisites: Network access to the CouchDB server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/92161
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66474
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57572
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32519
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029967
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/125889

Scores

EPSS 0.2212
EPSS Percentile 97.4%

Details

CWE
CWE-20
Status published
Products (1)
apache/couchdb < 1.5.0
Published Mar 28, 2014
Tracked Since Feb 18, 2026