CVE-2010-2234

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/fulldisclosure/2010/Aug/199
http://www.securityfocus.com/archive/1/513174/100/0/threaded
http://www.securityfocus.com/bid/42501
https://bugzilla.redhat.com/show_bug.cgi?id=624764
http://seclists.org/fulldisclosure/2010/Aug/199
http://www.securityfocus.com/archive/1/513174/100/0/threaded
http://www.securityfocus.com/bid/42501
https://bugzilla.redhat.com/show_bug.cgi?id=624764

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:couchdb:0.8.0:::::::*
	cpe:2.3:a:apache:couchdb:0.8.1:::::::*
	cpe:2.3:a:apache:couchdb:0.9.0:::::::*
	cpe:2.3:a:apache:couchdb:0.9.1:::::::*
	cpe:2.3:a:apache:couchdb:0.9.2:::::::*
	cpe:2.3:a:apache:couchdb:0.10.0:::::::*
	cpe:2.3:a:apache:couchdb:0.10.1:::::::*
	cpe:2.3:a:apache:couchdb:0.11.0:::::::*

History

21 Nov 2024, 01:16

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2010/Aug/199 -~~	() http://seclists.org/fulldisclosure/2010/Aug/199 -
References	~~() http://www.securityfocus.com/archive/1/513174/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/513174/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/42501 -~~	() http://www.securityfocus.com/bid/42501 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=624764 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=624764 -

Information

Published : 2010-08-19 22:00

Updated : 2024-11-21 01:16

NVD link : CVE-2010-2234

Mitre link : CVE-2010-2234

CVE.ORG link : CVE-2010-2234

JSON object : View

Products Affected

apache

couchdb

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2010-2234", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-08-19T22:00:01.953", "references": [{"url": "http://seclists.org/fulldisclosure/2010/Aug/199", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/42501", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764", "source": "secalert@redhat.com"}, {"url": "http://seclists.org/fulldisclosure/2010/Aug/199", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/42501", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Apache CouchDB 0.8.0 a 0.11.0, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para peticiones directas a una URL de instalaci\u00f3n."}], "lastModified": "2024-11-21T01:16:12.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:couchdb:0.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C34E385-5C4A-40B7-B885-9C4E8650951E"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "851F7B38-A8DE-4C8C-B269-17341BD65FA5"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E309D1E-3E22-4DF0-9A5C-D40640046600"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83D814EB-31BB-41DD-923D-E4379B3875E7"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59EB2847-CACC-42A1-88FF-73E638E5F9DC"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3057284C-DD40-4F03-BC6A-E41E5CF53FD9"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B8F76AB-6794-44BE-AE6B-34B52690A2DE"}, {"criteria": "cpe:2.3:a:apache:couchdb:0.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F9A741-1257-4ED3-9A70-FE2545C40742"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}