CVE-2020-9041

Name of the Vulnerable Software and Affected Versions Couchbase Server version 6.0.3 Couchbase Sync Gateway versions prior to 2.7.1

Description The issue affects the Cluster management, views, query, and full-text search endpoints, making them vulnerable to a denial-of-service attack. This is due to the endpoints not aggressively terminating slow connections, which can be exploited through a Slowloris attack.

Recommendations For Couchbase Server version 6.0.3, update to a version that includes a fix for this issue. For Couchbase Sync Gateway versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider configuring the server to more aggressively terminate slow connections to minimize the risk of exploitation.