2.7. CVE-2014-2668: DoS (CPU and memory consumption) via the count parameter to /_uuids

来源:CouchDB 浏览 242 扫码分享 2021-10-18 21:57:29

2.7. CVE-2014-2668: DoS (CPU and memory consumption) via the count parameter to /_uuids

2.7. CVE-2014-2668: DoS (CPU and memory consumption) via the count parameter to /_uuids

Date:	26.03.2014
Affected:	Apache CouchDB releases up to and including 1.3.1, 1.4.0, and 1.5.0 are vulnerable.
Severity:	Moderate
Vendor:	The Apache Software Foundation

2.7.1. Description

The /_uuids resource’s count query parameter is able to take unreasonable huge numeric value which leads to exhaustion of server resources (CPU and memory) and to DoS as the result.

2.7.2. Mitigation

Upgrade to a supported CouchDB release that includes this fix, such as:

All listed releases have included a specific fix to

2.7.3. Work-Around

Disable the /_uuids handler completely, by adapting local.ini and restarting CouchDB:

[httpd_global_handlers]
_uuids =

当前内容版权归 CouchDB 或其关联方所有，如需对内容或内容相关联开源项目进行关注与资助，请访问 CouchDB .

本文档使用 BookStack 构建