Immunity Canvas: COUCHDB_ROLES

2017-11-14 20:29:00
Immunity Canvas
exploitlist.immunityinc.com
547

EPSS: 0.974
Percentile: 99.9%

Name: couchdb_roles
CVE: CVE-2017-12635 Exploit Pack
VENDOR: http://couchdb.apache.org/
Notes:
12/8/2017
Windows 10 / CouchDB 2.0.0 - Exploit created
Ubuntu 14.04 / CouchDB 1.5.0 - Exploit created

IMPORTANT NOTE:
If the exploit does not get you a shell, look in the Canvas log to see
if the exploit successfully created an administrative user. With that
user, you can log in to the admin panel of your target and add programs
to start under the os_daemons key, as well as view other data.

IMPORTANT NOTE:
A _users database must be created by a previous admin for this exploit
to work.

Repeatability: Infinite
References: ['https://justi.cz/security/2017/11/14/couchdb-rce-npm.html', 'http://www.securityfocus.com/bid/101868']
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635