ID

VAR-202006-1711


CVE

CVE-2020-9041


TITLE

Couchbase Server and Sync Gateway Vulnerability in improper shutdown and release of resources in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006300

DESCRIPTION

In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they do not terminate slow connections aggressively enough. Couchbase Server and Sync Gateway contain a vulnerability related to improper shutdown and release of resources. Service operation may be interrupted (DoS). Both Couchbase Sync Gateway and Couchbase Server are products of Couchbase Corporation in the United States. Couchbase Sync Gateway is a secure web gateway for data access and data synchronization over the web. Couchbase Server is a distributed open source NoSQL (non-relational) database, which mainly supports functions such as data query, full-text search and active global replication. An attacker could exploit this vulnerability to cause a denial of service.

Trust: 1.71

sources: NVD: CVE-2020-9041 // JVNDB: JVNDB-2020-006300 // VULHUB: VHN-187166

AFFECTED PRODUCTS

vendor: couchbase, model: server, scope: eq, version: 6.0.3

Trust: 1.8

vendor: couchbase, model: sync gateway, scope: lte, version: 2.7.0

Trust: 1.0

vendor: couchbase, model: sync gateway, scope: eq, version: 2.7.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-006300 // NVD: CVE-2020-9041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9041
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006300
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-602
value: HIGH

Trust: 0.6

VULHUB: VHN-187166
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9041
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006300
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-187166
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9041
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006300
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187166 // JVNDB: JVNDB-2020-006300 // CNNVD: CNNVD-202006-602 // NVD: CVE-2020-9041

PROBLEMTYPE DATA

problemtype: CWE-404

Trust: 1.9

sources: VULHUB: VHN-187166 // JVNDB: JVNDB-2020-006300 // NVD: CVE-2020-9041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-602

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-602

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006300

PATCH

title: Enterprise Security Alerts, url: https://www.couchbase.com/resources/security#SecurityAlerts

Trust: 0.8

title: Couchbase Sync Gateway and Couchbase Server Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121395

Trust: 0.6

sources: JVNDB: JVNDB-2020-006300 // CNNVD: CNNVD-202006-602

EXTERNAL IDS

db: NVD, id: CVE-2020-9041

Trust: 2.5

db: JVNDB, id: JVNDB-2020-006300

Trust: 0.8

db: CNNVD, id: CNNVD-202006-602

Trust: 0.7

db: CNVD, id: CNVD-2020-37940

Trust: 0.1

db: VULHUB, id: VHN-187166

Trust: 0.1

sources: VULHUB: VHN-187166 // JVNDB: JVNDB-2020-006300 // CNNVD: CNNVD-202006-602 // NVD: CVE-2020-9041

REFERENCES

url: https://www.couchbase.com/resources/security#securityalerts

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-9041

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9041

Trust: 0.8

sources: VULHUB: VHN-187166 // JVNDB: JVNDB-2020-006300 // CNNVD: CNNVD-202006-602 // NVD: CVE-2020-9041

SOURCES

db: VULHUB, id: VHN-187166
db: JVNDB, id: JVNDB-2020-006300
db: CNNVD, id: CNNVD-202006-602
db: NVD, id: CVE-2020-9041

LAST UPDATE DATE

2024-11-23T22:58:11.996000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-187166, date: 2020-06-11T00:00:00
db: JVNDB, id: JVNDB-2020-006300, date: 2020-07-07T00:00:00
db: CNNVD, id: CNNVD-202006-602, date: 2020-06-12T00:00:00
db: NVD, id: CVE-2020-9041, date: 2024-11-21T05:39:53.003

SOURCES RELEASE DATE

db: VULHUB, id: VHN-187166, date: 2020-06-08T00:00:00
db: JVNDB, id: JVNDB-2020-006300, date: 2020-07-07T00:00:00
db: CNNVD, id: CNNVD-202006-602, date: 2020-06-08T00:00:00
db: NVD, id: CVE-2020-9041, date: 2020-06-08T16:15:10.353