CVE-2010-0009 Information

Description

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

Reference

http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html http://couchdb.apache.org/security.html http://secunia.com/advisories/39146 http://www.osvdb.org/63350 http://www.securityfocus.com/archive/1/510427/100/0/threaded http://www.securityfocus.com/bid/39116 https://bugzilla.redhat.com/show_bug.cgi?id=578572