CVE-2010-2234

Published: Aug 19, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.

Affected (8)

Products: Apache: Couchdb

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apache Couchdb	Version 0.10.0
Apache Couchdb	Version 0.10.1
Apache Couchdb	Version 0.11.0
Apache Couchdb	Version 0.8.0
Apache Couchdb	Version 0.8.1
Apache Couchdb	Version 0.9.0
Apache Couchdb	Version 0.9.1
Apache Couchdb	Version 0.9.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://seclists.org/fulldisclosure/2010/Aug/199

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/513174/100/0/threaded

Source: secalert@redhat.com

http://www.securityfocus.com/bid/42501

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=624764

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2010/Aug/199

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/513174/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/42501

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=624764

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.