Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2017-12635

🗓️ 14 Nov 2017 20:00:00Reported by apacheType 
cve
 cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 225 Views🌐 WEB

Due to JSON parser differences, Apache CouchDB before 1.7.0 and 2.x before 2.1.1 allows non-admin users to give themselves admin privileges

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
Gitee		Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
16 May 202116:14
gitee
Gitee		Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
27 Apr 202114:33
gitee
Gitee		Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat
22 Oct 202115:45
gitee
0day.today		Apache CouchDB Remote Code Execution Vulnerability
30 Nov 201700:00
zdt
0day.today		Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Exploit
23 Apr 201800:00
zdt
0day.today		Apache CouchDB < 2.1.0 - Remote Code Execution Exploit
20 Jun 201800:00
zdt
0day.today		Apache #CouchDB Arbitrary Command Execution Exploit
13 Jul 201800:00
zdt
FreeBSD		couchdb -- multiple vulnerabilities
14 Nov 201700:00
freebsd
GithubExploit		Exploit for Improper Privilege Management in Apache Couchdb
29 May 202619:32
githubexploit
ArchLinux		[ASA-201711-24] couchdb: multiple issues
16 Nov 201700:00
archlinux
Rows per page
NVD
Vulners
Node
apachecouchdbRange<1.7.0
OR
apachecouchdbMatch2.0.0
OR
apachecouchdbMatch2.0.0rc1
OR
apachecouchdbMatch2.0.0rc2
OR
apachecouchdbMatch2.0.0rc3
OR
apachecouchdbMatch2.0.0rc4
[
  {
    "product": "Apache CouchDB",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "1.2.0 to 1.6.1"
      },
      {
        "status": "affected",
        "version": "2.0.0 to 2.1.0"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
typepath/_users/org.couchdb.user:oopsExploit to create an admin user via CouchDB vulnerability using a crafted _users document.CWE-269
namepath/_users/org.couchdb.user:oopsExploit to create an admin user via CouchDB vulnerability using a crafted _users document.CWE-269
rolespath/_users/org.couchdb.user:oopsExploit to create an admin user via CouchDB vulnerability using a crafted _users document.CWE-269
passwordpath/_users/org.couchdb.user:oopsExploit to create an admin user via CouchDB vulnerability using a crafted _users document.CWE-269

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 01:03Current
8.2High risk
Vulners AI Score8.2
CVSS 39.8
CVSS 210
EPSS0.99924
CWE-269In Wild
cve-2017-12635apache couchdbjson parseraccess controldatabase securityremote code executionadmin privileges
225