Path Traversal in Apache Couchdb

CVE-2012-5641

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.037 (88.2th percentile) — read the EPSS interpretation.

Affected products

Apache Couchdb — versions 1.0.0, 1.0.1, 1.0.2
Mochiweb_project Mochiweb — versions 2.1.0, 2.2.0, 2.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

57313 (vdb-entry, x_refsource_BID)
20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows (mailing-list, x_refsource_FULLDISC)
51765 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
apache-couchdb-dir-traversal(81240) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)