PT-2019-12324 · Couchbase · Couchbase Server

Published

2019-09-10

Updated

2019-09-26

CVE-2019-11464

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 5.1.2 through 5.5.0

Description The issue concerns the absence of certain security-related headers in REST responses from the Couchbase Server Views REST API. Specifically, headers such as X-Frame-Options, X-Content-Type-Options, X-Permitted-Cross-Domain-Policies, and X-XSS-Protection were not included. These headers are generally recommended for enhancing security.

Recommendations For Couchbase Server versions 5.1.2 through 5.5.0, update to version 6.0.2 or later to include the necessary security-related headers in responses from the Couchbase Server Views REST API.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-11464

Affected Products

Couchbase Server

PT-2019-12324 · Couchbase · Couchbase Server

CVE-2019-11464

Weakness Enumeration

Related Identifiers

Affected Products

References · 3