icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

CouchDB < 0.11.0 Timing Attack Vulnerability

Medium

Synopsis

The remote host is affected by an information disclosure vulnerability.

Description

The remote host is running CouchDB, a document-oriented database. The installed version of CouchDB is earlier than 0.11.0. Such versions are potentially affected by an information disclosure vulnerability via a timing attack caused by a break-on-equality string comparison when verifying hashes or passwords.

Solution

Upgrade to CouchDB 0.11.0 or later.