CVE-2012-5641 Information

Description

Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0 as used in Apache CouchDB before 1.0.4 1.1.x before 1.1.2 and 1.2.x before 1.2.1 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the default URI.

Reference

http://seclists.org/fulldisclosure/2013/Jan/81 http://secunia.com/advisories/51765 http://www.securityfocus.com/bid/57313 https://exchange.xforce.ibmcloud.com/vulnerabilities/81240 https://github.com/melkote/mochiweb/commit/ac2bf https://github.com/mochi/mochiweb/issues/92