lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <D8573F7D-1848-4E9C-A4D6-E3B817136A0D@apache.org> Date: Mon, 14 Jan 2013 11:05:56 +0100 From: Jan Lehnardt <jan@...che.org> To: "user@...chdb.apache.org" <user@...chdb.apache.org>, "security@...chdb.apache.org" <security@...chdb.apache.org>, "security@...che.org" <security@...che.org>, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: CVE-2012-5649 Apache CouchDB JSONP arbitrary code execution with Adobe Flash CVE-2012-5649 JSONP arbitrary code execution with Adobe Flash Severity: Moderate Vendor: The Apache Software Foundation Affected Versions: JSONP is supported but disabled by default in all currently supported releases of Apache CouchDB. Administrator access is required to enable it. Releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable, if administrators have enabled JSONP. Description: A hand-crafted JSONP callback and response can be used to run arbitrary code inside client-side browsers via Adobe Flash. Mitigation: Upgrade to a supported release that includes this fix, such as CouchDB 1.0.4, 1.1.2, 1.2.1, and the future 1.3.x series, all of which include a specific fix. Work-Around: Disable JSONP. Jan Lehnardt --
Powered by blists - more mailing lists