CVE-2017-12636
Summary
| Field | Value |
|---|---|
| CVE | CVE-2017-12636 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-11-14 20:29:00 UTC |
| Updated | 2023-11-07 02:38:00 UTC |
| Description | CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 1252-1] couchdb security update | MLIST | lists.debian.org | |
| Document Display \| HPE Support Center | CONFIRM | support.hpe.com | |
| Apache Mail Archives | MLIST | lists.apache.org | Mailing List, Vendor Advisory |
| CouchDB: Multiple vulnerabilities (GLSA 201711-16) — Gentoo security | GENTOO | security.gentoo.org | Third Party Advisory |
| Apache CouchDB - Arbitrary Command Execution (Metasploit) - Linux remote Exploit | EXPLOIT-DB | www.exploit-db.com | |
| Apache Mail Archives | | lists.apache.org | |
| Apache CouchDB < 2.1.0 - Remote Code Execution - Linux webapps Exploit | EXPLOIT-DB | www.exploit-db.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710477 Gentoo Linux CouchDB Multiple Vulnerabilities (GLSA 201711-16)