BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Apache CouchDB UUIDs Request Denial of Service Vulnerability

Disclosed: March 24, 2014    Zeroday: 131 days

Vulnerability Description:

CouchDB contains a vulnerability whereby a request with a very large _uuid count can cause the CouchDB process to stop responding. This causes a denial of service condition, and may require a machine restart in order to recover.

Vendors:

Apache Software Foundation

Vulnerable Software/Devices:

CouchDB 1.5.0 and possibly other versions

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Denial of Service
Exploitation of this vulnerability causes CouchDB to become unresponsive, resulting in a denial of service condition.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 33389 - Apache CouchDB 1.5.0 and Prior Denial of Service

Mitigation:

Filter GET requests with an unusually large _uuid count, such as the one demonstrated in the proof of concept.
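
One way to implement the filter described above, as an added example that is not BeyondTrust's or the CouchDB project's code. It assumes the request targets CouchDB's `/_uuids` endpoint with a `count` query parameter, uses a hypothetical limit of 1000 (the advisory names no threshold), and runs over constructed sample requests.

```python
from urllib.parse import parse_qs, unquote

MAX_UUID_COUNT = 1000  # assumed policy limit; the advisory names no threshold


def is_safe_count(value, limit):
    """Accept only a short, plain ASCII decimal no larger than the limit."""
    return value.isascii() and value.isdigit() and len(value) <= 9 and int(value) <= limit


def should_block(method, target, limit=MAX_UUID_COUNT):
    """Return True when a GET asks the _uuids endpoint for too many UUIDs."""
    if method.upper() != "GET":
        return False
    # Split by hand: urlsplit() would read a leading "//" as a host name.
    raw_path, _, raw_query = target.partition("?")
    # Ignore empty and "." segments so "/_uuids/" and "//_uuids" still match.
    segments = [s for s in unquote(raw_path).split("/") if s not in ("", ".")]
    if segments != ["_uuids"]:
        return False
    # parse_qs percent-decodes names and values and keeps repeated parameters.
    counts = parse_qs(raw_query, keep_blank_values=True).get("count", [])
    # Fail closed: every supplied count must be a small plain integer.
    return any(not is_safe_count(v, limit) for v in counts)


# Constructed sample requests (method, request target), not captured traffic.
SAMPLE_REQUESTS = [
    ("GET", "/_uuids"),
    ("GET", "/_uuids?count=10"),
    ("GET", "/_uuids?count=999999999999"),
    ("GET", "/_uuids/?%63ount=5000"),
    ("GET", "/_uuids?count=1&count=100000"),
    ("GET", "/_uuids?count=1e9"),
    ("GET", "/mydb/_all_docs?count=999999999999"),
]


def blocked(requests=SAMPLE_REQUESTS):
    """Return the request targets the filter would reject."""
    return [target for method, target in requests if should_block(method, target)]


if __name__ == "__main__":
    for method, target in SAMPLE_REQUESTS:
        verdict = "BLOCK" if should_block(method, target) else "allow"
        print(f"{verdict:5}  {method} {target}")
```

The filter rejects any `count` it cannot parse as a small integer, so encoded, repeated, or malformed values are blocked rather than passed through to CouchDB.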

Links:

CVE(s):