CVE-2010-0009

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.

Date published : 2010-04-05

http://www.securityfocus.com/bid/39116

http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html