CVE-2012-5641

CWE-22 — Path Traversal3 documents3 sources

Severity

5.0MEDIUM

EPSS

3.7%

top 12.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Couchdb Mochiweb Project Mochiweb

Timeline

PublishedMar 18

Latest updateMay 17

Description

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/couchdb1.0.3+6

▶NVDmochiweb_project/mochiweb2.3.2+5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-99r9-958v-rr3x: Directory traversal vulnerability in the partition2 function in mochiweb_util↗2022-05-17

▶

CVEList

CVE-2012-5641: Directory traversal vulnerability in the partition2 function in mochiweb_util↗2014-03-18

▶