Lucene search

CVE-2018-8007

🗓️ 11 Jul 2018 13:00:29Reported by apacheType

cve🔗 web.nvd.nist.gov👁 59 Views🌐 WEB

CVE-2018-8007: Apache CouchDB privilege escalation via HTTP API

Reporter	Title	Published	Views	Family All 67
Prion	Input validation	11 Jul 201813:29	–	prion
Prion	Input validation	8 Aug 201815:29	–	prion
Prion	Design/Logic Flaw	14 Nov 201720:29	–	prion
Prion	Design/Logic Flaw	14 Nov 201720:29	–	prion
Cvelist	CVE-2018-8007	11 Jul 201813:00	–	cvelist
Cvelist	CVE-2018-11769	8 Aug 201815:00	–	cvelist
Cvelist	CVE-2017-12636	14 Nov 201720:00	–	cvelist
Cvelist	CVE-2017-12635	14 Nov 201720:00	–	cvelist
OSV	CVE-2018-8007	11 Jul 201813:29	–	osv
OSV	CVE-2018-11769	8 Aug 201815:29	–	osv

Nvd

Vulners

Node

apache couchdbRange≤1.7.1

apache couchdbRange2.0.0–2.1.1

[
  {
    "product": "Apache CouchDB",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.7.2"
      },
      {
        "status": "affected",
        "version": "2.0.0 to 2.1.1"
      }
    ]
  }
]

Source	Link
mail-archives	www.mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3c1439409216.6221.1531246856676.JavaMail.Joan%40RITA%3e
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JOUCX7LHDV4YWZDQNXT5NTKKRANZQW/
mail-archives	www.mail-archives.apache.org/mod_mbox/couchdb-announce/201807.mbox/%3C1699016538.6219.1531246785603.JavaMail.Joan%40RITA%3E
blog	www.blog.couchdb.org/2018/07/10/cve-2018-8007/
security	www.security.gentoo.org/glsa/201812-06
securityfocus	www.securityfocus.com/bid/104741
mdsec	www.mdsec.co.uk/2018/08/advisory-cve-2018-8007-apache-couchdb-remote-code-execution/
support	www.support.hpe.com/hpsc/doc/public/display
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5FPHVVU5KMRFKQTJPAM3TBGC7LKCWQS/

Parameter	Position	Path	Description	CWE
file:read_file	request body	/diag/eval	Couchbase Server's 'diag/eval' endpoint allows authenticated users to execute arbitrary Erlang code, leading to privilege escalation and remote code execution.	CWE-20
os:cmd	request body	/diag/eval	Couchbase Server's 'diag/eval' endpoint allows authenticated users to execute arbitrary Erlang code, leading to privilege escalation and remote code execution.	CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Jul 2018 13:29Current

7.6High risk

Vulners AI Score7.6

CVSS29

CVSS37.2

EPSS0.0331

CWE-20