CVE-2010-2234
https://notcve.org/view.php?id=CVE-2010-2234
Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Apache CouchDB 0.8.0 a 0.11.0, permite a atacantes remotos secuestrar la autenticación de administradores para peticiones directas a una URL de instalación. • http://seclists.org/fulldisclosure/2010/Aug/199 http://www.securityfocus.com/archive/1/513174/100/0/threaded http://www.securityfocus.com/bid/42501 https://bugzilla.redhat.com/show_bug.cgi?id=624764 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2010-0009
https://notcve.org/view.php?id=CVE-2010-0009
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. Apache CouchDB v0.8.0 hasta v0.10.1 permite a atacantes remotos conseguir información sensible midiedfo el tiempo de completar las operaciones que verifican (1) hashes o (2) passwords. • http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html http://couchdb.apache.org/security.html http://secunia.com/advisories/39146 http://www.osvdb.org/63350 http://www.securityfocus.com/archive/1/510427/100/0/threaded http://www.securityfocus.com/bid/39116 https://bugzilla.redhat.com/show_bug.cgi?id=578572 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •