Lucene search
SecurityvulnsSECURITYVULNS:DOC:28960HistoryJan 14, 2013 - 12:00 a.m.
CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash
2013-01-1400:00:00
vulners.com
26
CVE-2012-5649
JSONP arbitrary code execution with Adobe Flash
Severity: Moderate
Vendor: The Apache Software Foundation
Affected Versions:
JSONP is supported but disabled by default in all currently supported
releases of Apache CouchDB. Administrator access is required to enable it.
Releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable, if
administrators have enabled JSONP.
Description:
A hand-crafted JSONP callback and response can be used to run
arbitrary code inside client-side browsers via Adobe Flash.
Mitigation:
Upgrade to a supported release that includes this fix, such as
CouchDB 1.0.4, 1.1.2, 1.2.1, and the future 1.3.x series, all of which
include a specific fix.
Work-Around:
Disable JSONP.
Jan Lehnardt
Related
prion
prion
Design/Logic Flaw
2014-05-23 14:55:00
ubuntucve
ubuntucve
CVE-2012-5649
2014-05-23 00:00:00
cve
cve
CVE-2012-5649
2014-05-23 14:55:00
openvas
openvas
Fedora Update for couchdb FEDORA-2013-1375
2013-02-04 00:00:00
Fedora Update for couchdb FEDORA-2013-1387
2013-02-04 00:00:00
Fedora Update for couchdb FEDORA-2013-1387
2013-02-04 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: couchdb-1.2.1-2.fc17
2013-02-02 04:27:53
[SECURITY] Fedora 18 Update: couchdb-1.2.1-2.fc18
2013-02-02 04:25:54
nessus
nessus
Fedora 18 : couchdb-1.2.1-2.fc18 (2013-1375)
2013-02-04 00:00:00
Mandriva Linux Security Advisory : couchdb (MDVSA-2013:067)
2013-04-20 00:00:00
Fedora 17 : couchdb-1.2.1-2.fc17 (2013-1387)
2013-02-04 00:00:00
securityvulns
securityvulns
Related for SECURITYVULNS:DOC:28960