CouchDB < 0.11.2 Futon Admin Interface Cross-Site Request Forgery

Medium Nessus Network Monitor Plugin ID 5642


The remote database server is vulnerable to a cross-site request forgery attack.


The remote host is running CouchDB, a document-oriented database.

Versions of CouchDB earlier than 0.11.2 are potentially affected by a cross-site request forgery vulnerability. The application fails to properly sanitize user-supplied input before it is used in the Futon administrative interface.

A remote attacker could exploit this to execute arbitrary script code in the security context of CouchDB's admin interface.


Upgrade to CouchDB 0.11.2 or later.

Plugin Details

Severity: Medium

ID: 5642

File Name: 5642.prm

Family: Database

Published: 2010/08/17

Modified: 2016/01/19

Dependencies: 1442

Nessus ID: 48382

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 5.6

Temporal Score: 5.2


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2010/08/17

Vulnerability Publication Date: 2010/08/17

Reference Information

CVE: CVE-2010-2234

BID: 42501

OSVDB: 67240