CVE-2012-5650

Related Files

Mandriva Linux Security Advisory 2013-067

Posted Apr 8, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-067 - A security flaw was found in the way Apache CouchDB, a distributed,fault- tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callback. A remote attacker could provide a specially-crafted JSON callback that, when processed could lead to arbitrary JSON code execution via Adobe Flash. A DOM based cross-site scripting flaw was found in the way browser- based test suite of Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain query parameters. A remote attacker could provide a specially-crafted web page that, when accessed could lead to arbitrary web script or HTML execution in the context of a CouchDB user session.

tags | advisory, remote, web, arbitrary, code execution, xss

systems | linux, mandriva

advisories | CVE-2012-5649, CVE-2012-5650

SHA-256 | 27e3ca3316198e92252740ae172715149864d7743816d5b31b45c4c661c48195

Download | Favorite | View

Apache CouchDB 1.0.3 / 1.1.1 / 1.2.0 Cross Site Scripting

Posted Jan 14, 2013

Authored by Jan Lehnardt | Site couchdb.apache.org

Apache CouchDB versions up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable to a DOM based cross site scripting issue.

tags | advisory, xss

advisories | CVE-2012-5650

SHA-256 | c4a4d0ab65eac5dc5149ee6760f776cab2bbc0d6b3d641a0e367abd408c3dd9f

Download | Favorite | View