Apache · Apache CouchDB · CVE-2012-5641
**Name of the Vulnerable Software and Affected Versions**
MochiWeb versions prior to 2.4.0
Apache CouchDB versions prior to 1.0.4
Apache CouchDB versions 1.1.x prior to 1.1.2
Apache CouchDB versions 1.2.x prior to 1.2.1
**Description**
A directory traversal issue exists in the `partition2` function in `mochiweb_util.erl` in MochiWeb, which is used in Apache CouchDB. This issue allows remote attackers to read arbitrary files by including a `..\` (dot dot backslash) in the default URI.
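The following is an added example, not MochiWeb or CouchDB code: it contrasts a relative-path check that treats only `/` as a separator with one that also rejects backslashes, and applies the stricter check to a percent-decoded request target. The function names and sample paths are constructed for illustration, and the slash-only check is an assumed stand-in for the vulnerable logic.

```python
from urllib.parse import unquote


def naive_is_safe(path: str) -> bool:
    """Weak check (assumed stand-in): only '/' counts as a separator."""
    if path.startswith("/"):
        return False
    return ".." not in path.split("/")


def hardened_is_safe(path: str) -> bool:
    """Reject absolute paths, NUL bytes, any backslash and '..' segments.

    A backslash is a path separator on Windows, so a segment such as
    '..\\..\\x' must never reach the filesystem layer as a single name.
    """
    if path.startswith("/") or "\\" in path or "\x00" in path:
        return False
    return ".." not in path.split("/")


def request_path_is_safe(raw_target: str) -> bool:
    """Validate a raw request target after dropping the query string
    and percent-decoding, so '%5c' is seen as the backslash it encodes."""
    path = raw_target.split("?", 1)[0]
    decoded = unquote(path)
    return hardened_is_safe(decoded.lstrip("/"))


# Constructed sample inputs, not taken from any real log or report.
SAMPLES = [
    "_utils/index.html",
    "../file.txt",
    "..\\..\\file.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: naive={naive_is_safe(sample)} "
              f"hardened={hardened_is_safe(sample)}")
```

Only the backslash sample is accepted by the slash-only check and rejected by the hardened one; the other two get the same verdict from both.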
**Recommendations**
For MochiWeb versions prior to 2.4.0, update to version 2.4.0 or later.
For Apache CouchDB versions prior to 1.0.4, update to version 1.0.4 or later.
For Apache CouchDB versions 1.1.x prior to 1.1.2, update to version 1.1.2 or later.
For Apache CouchDB versions 1.2.x prior to 1.2.1, update to version 1.2.1 or later.