Home > Vulnerability Database > CVE-2010-0009

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2010-0009

Date: April 5, 2010

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

Severity Score

4.2

Related Resources (10)

Url: http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-0009

Url: http://couchdb.apache.org/security.html

Url: http://www.securityfocus.com/bid/39116

Url: https://bugzilla.redhat.com/show_bug.cgi?id=578572

Url: http://secunia.com/advisories/39146

Url: http://www.securityfocus.com/archive/1/510427/100/0/threaded

Url: http://www.osvdb.org/63350

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0009

Url: https://www.mend.io/vulnerability-database/CVE-2010-0009

Severity Score

4.2

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us