Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-5641

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.

Published

2014-03-18T17:02:49.637

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	couchdb	≤ 1.0.3	Yes
Application	apache	couchdb	1.0.0	Yes
Application	apache	couchdb	1.0.1	Yes
Application	apache	couchdb	1.0.2	Yes
Application	apache	couchdb	1.1.0	Yes
Application	apache	couchdb	1.1.1	Yes
Application	apache	couchdb	1.2.0	Yes
Application	mochiweb_project	mochiweb	≤ 2.3.2	Yes
Application	mochiweb_project	mochiweb	2.1.0	Yes
Application	mochiweb_project	mochiweb	2.2.0	Yes
Application	mochiweb_project	mochiweb	2.2.1	Yes
Application	mochiweb_project	mochiweb	2.3.0	Yes
Application	mochiweb_project	mochiweb	2.3.1	Yes

References

http://seclists.org/fulldisclosure/2013/Jan/81 ([email protected])
http://secunia.com/advisories/51765 ([email protected])
http://www.securityfocus.com/bid/57313 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/81240 ([email protected])
https://github.com/melkote/mochiweb/commit/ac2bf Exploit, Patch ([email protected])
https://github.com/mochi/mochiweb/issues/92 ([email protected])
http://seclists.org/fulldisclosure/2013/Jan/81 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/51765 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/57313 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/81240 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/melkote/mochiweb/commit/ac2bf Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/mochi/mochiweb/issues/92 (af854a3a-2127-422b-91ae-364da2661108)