Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2668

CWE-20 ā€” Improper Input Validation7 documents5 sources
Severity
5.0MEDIUM
EPSS
40.4%
top 2.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Couchdb
Timeline
PublishedMar 28
Latest updateMay 17

Description

Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

ā–¶NVDapache/couchdb1.5.0

šŸ”“Vulnerability Details

2
GHSA
GHSA-pgjj-9j9g-vrr7: Apache CouchDB 1ā†—2022-05-17
ā–¶
CVEList
CVE-2014-2668: Apache CouchDB 1ā†—2014-03-28
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Apache CouchDB 1.5.0 - 'uuids' Denial of Serviceā†—2014-03-26
ā–¶

šŸ’¬Community

3
Bugzilla
CVE-2014-2668 couchdb: remote denial of service flawā†—2014-03-28
ā–¶
Bugzilla
CVE-2014-2668 couchdb: remote denial of service flaw [epel-all]ā†—2014-03-28
ā–¶
Bugzilla
CVE-2014-2668 couchdb: remote denial of service flaw [fedora-all]ā†—2014-03-28
ā–¶
CVE-2014-2668 (MEDIUM CVSS 5) | Apache CouchDB 1.5.0 and earlier al | cvebase.io