Apache CouchDB JSONP arbitrary code execution with Adobe Flash

2013.01.14

Credit: Jan Lehnardt

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

JSONP arbitrary code execution with Adobe Flash

Severity: Moderate

Vendor: The Apache Software Foundation
 
Affected Versions:
JSONP is supported but disabled by default in all currently supported
releases of Apache CouchDB. Administrator access is required to enable it.
Releases up to and including 1.0.3, 1.1.1, and 1.2.0 are vulnerable, if
administrators have enabled JSONP.

Description:
A hand-crafted JSONP callback and response can be used to run
arbitrary code inside client-side browsers via Adobe Flash.

Mitigation:
Upgrade to a supported release that includes this fix, such as
CouchDB 1.0.4, 1.1.2, 1.2.1, and the future 1.3.x series, all of which
include a specific fix.

Work-Around:
Disable JSONP.

Jan Lehnardt

References:

http://seclists.org/fulldisclosure/2013/Jan/82

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apache CouchDB JSONP arbitrary code execution with Adobe Flash

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.