This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Updated couchdb packages fix security vulnerabilities :
A security flaw was found in the way Apache CouchDB, a
distributed,fault- tolerant and schema-free document-oriented database
accessible via a RESTful HTTP/JSON API, processed certain JSON
callback. A remote attacker could provide a specially crafted JSON
callback that, when processed could lead to arbitrary JSON code
execution via Adobe Flash (CVE-2012-5649).
A DOM based cross-site scripting (XSS) flaw was found in the way
browser- based test suite of Apache CouchDB, a distributed,
fault-tolerant and schema-free document-oriented database accessible
via a RESTful HTTP/JSON API, processed certain query parameters. A
remote attacker could provide a specially crafted web page that, when
accessed could lead to arbitrary web script or HTML execution in the
context of a CouchDB user session (CVE-2012-5650).
Update the affected couchdb and / or couchdb-bin packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false