CVE-2010-0009
Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
Date published : 2010-04-05
http://www.securityfocus.com/bid/39116
http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html