Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb prior to 2.4.0, as used in Apache CouchDB prior to 1.0.4, 1.1.x prior to 1.1.2, and 1.2.x prior to 1.2.1, allows remote malicious users to read arbitrary files via a ..\ (dot dot backslash) in the default URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache couchdb 1.1.1 |
||
apache couchdb 1.2.0 |
||
mochiweb project mochiweb 2.3.0 |
||
mochiweb project mochiweb 2.2.1 |
||
apache couchdb 1.1.0 |
||
mochiweb project mochiweb |
||
mochiweb project mochiweb 2.3.1 |
||
apache couchdb 1.0.1 |
||
apache couchdb 1.0.0 |
||
apache couchdb |
||
apache couchdb 1.0.2 |
||
mochiweb project mochiweb 2.2.0 |
||
mochiweb project mochiweb 2.1.0 |