CVE-2012-5649

Related Files

Mandriva Linux Security Advisory 2013-067

Posted Apr 8, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-067 - A security flaw was found in the way Apache CouchDB, a distributed,fault- tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callback. A remote attacker could provide a specially-crafted JSON callback that, when processed could lead to arbitrary JSON code execution via Adobe Flash. A DOM based cross-site scripting flaw was found in the way browser- based test suite of Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain query parameters. A remote attacker could provide a specially-crafted web page that, when accessed could lead to arbitrary web script or HTML execution in the context of a CouchDB user session.

tags | advisory, remote, web, arbitrary, code execution, xss

systems | linux, mandriva

advisories | CVE-2012-5649, CVE-2012-5650

SHA-256 | 27e3ca3316198e92252740ae172715149864d7743816d5b31b45c4c661c48195

Download | Favorite | View

Apache CouchDB 1.0.3 / 1.1.1 / 1.2.0 JSONP Adobe Code Execution

Posted Jan 14, 2013

Authored by Jan Lehnardt | Site couchdb.apache.org

A hand-crafted JSONP callback and response can be used to run arbitrary code inside client-side browsers via Adobe Flash in Apache CouchDB versions up to and including 1.0.3, 1.1.1, and 1.2.0.

tags | advisory, arbitrary

advisories | CVE-2012-5649

SHA-256 | 5a2dd81bafd715b2feba5ff5376839517a8c160f8e3cf3ca974c5d881e77a6d6

Download | Favorite | View