CVE-2010-0009

CWE-200 — Information Exposure7 documents6 sources

Severity

4.3MEDIUM

EPSS

0.6%

top 29.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Couchdb

Timeline

PublishedApr 5

Latest updateMay 2

Description

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/couchdb7 versions+6

Patches

Patch: couchdb.apache.org ↗Patch: couchdb.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-jwf7-c2x3-76h8: Apache CouchDB 0↗2022-05-02

▶

CVEList

CVE-2010-0009: Apache CouchDB 0↗2010-04-05

▶

💥Exploits & PoCs

Exploit-DB

PuTTy.exe 0.53 - Remote Buffer Overflow (Metasploit)↗2010-06-15

▶

📋Vendor Advisories

Red Hat

Apache CouchDB v0.10.0 prone to timing attacks vulnerability↗2010-03-31

▶

💬Community

Bugzilla

CVE-2010-0009 Apache CouchDB v0.10.0 prone to timing attacks vulnerability↗2010-03-31

▶