Test ID:	1.3.6.1.4.1.25623.1.0.105903
Category:	Databases
Title:	Apache CouchDB <= 1.0.3, 1.1.x <= 1.1.1, 1.2.0 Directory Traversal Vulnerability
Summary:	Apache CouchDB is prone to a directory traversal vulnerability in; the MobchiWeb component.
Description:	Summary: Apache CouchDB is prone to a directory traversal vulnerability in the MobchiWeb component. Vulnerability Insight: On Windows systems there is a directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI. Vulnerability Impact: A remote attacker could retrieve in binary form any CouchDB database, including the _users or _replication databases, or any other file that the user account used to run CouchDB might have read access to on the local filesystem. Affected Software/OS: Apache CouchDB version 1.0.3 and prior, 1.1.x through 1.1.1 and 1.2.0 on Windows. Solution: Update to version 1.0.4, 1.1.2, 1.2.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5641 BugTraq ID: 57313 http://www.securityfocus.com/bid/57313 http://seclists.org/fulldisclosure/2013/Jan/81 http://secunia.com/advisories/51765 XForce ISS Database: apache-couchdb-dir-traversal(81240) https://exchange.xforce.ibmcloud.com/vulnerabilities/81240
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.