Name | couchdb_roles |
---|---|
CVE | CVE-2017-12635 Exploit Pack |

VENDOR: http://couchdb.apache.org/
Notes:
12/8/2017
Windows 10 / CouchDB 2.0.0 - Exploit created
Ubuntu 14.04 / CouchDB 1.5.0 - Exploit created
IMPORTANT NOTE:
If the exploit does not get you a shell, look in the Canvas log to see
if the exploit successfully created an administrative user. With that
user, you can log in to the admin panel of your target and add programs
to start under the os_daemons key, as well as view other data.
IMPORTANT NOTE:
A _users database must be created by a previous admin for this exploit
to work.
Repeatability: Infinite
References: https://justi.cz/security/2017/11/14/couchdb-rce-npm.html, http://www.securityfocus.com/bid/101868
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635