[<prev] [next>] [day] [month] [year] [list]
Message-Id: <D8573F7D-1848-4E9C-A4D6-E3B817136A0D@apache.org>
Date: Mon, 14 Jan 2013 11:05:56 +0100
From: Jan Lehnardt <jan@...che.org>
To: "user@...chdb.apache.org" <user@...chdb.apache.org>,
"security@...chdb.apache.org" <security@...chdb.apache.org>,
"security@...che.org" <security@...che.org>,
full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: CVE-2012-5649 Apache CouchDB JSONP arbitrary code
execution with Adobe Flash
CVE-2012-5649
JSONP arbitrary code execution with Adobe Flash
Severity: Moderate
Vendor: The Apache Software Foundation
Affected Versions:
JSONP is supported but disabled by default in all currently supported
releases of Apache CouchDB. Administrator access is required to enable it.
Releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable, if
administrators have enabled JSONP.
Description:
A hand-crafted JSONP callback and response can be used to run
arbitrary code inside client-side browsers via Adobe Flash.
Mitigation:
Upgrade to a supported release that includes this fix, such as
CouchDB 1.0.4, 1.1.2, 1.2.1, and the future 1.3.x series, all of which
include a specific fix.
Work-Around:
Disable JSONP.
Jan Lehnardt
--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists