Apache CouchDB < 0.11.2 Futon admin interface Cross-Site Request Forgery
Medium Nessus Plugin ID 48382
Synopsis
The remote database server is affected by a cross-site request forgery vulnerability.
Description
According to its banner, the version of CouchDB running on the remote host is affected by a cross-site request forgery vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon admin interface.
A remote attacker could exploit this to execute arbitrary script code in the security context of CouchDB's admin interface.
Solution
Upgrade to CouchDB 0.11.2 or later.