27 matches found
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...
jobalertusa.com Cross Site Scripting vulnerability OBB-1253127
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Apache CouchDB - Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache CouchDB Arbitrary Command Execution', 'Description' = %q CouchDB administrative users can configure the database server via HTTPS. Some of...
FreeBSD : couchdb -- multiple vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)
Apache CouchDB PMC reports : Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases. (C) Tenable Network Security, Inc. The descriptive text and...
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Exploit
Exploit for linux platform in category web applications Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Date: 2017-08-07 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage:...
Apache CouchDB 1.7.0 / 2.x Remote Privilege Escalation
Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Date: 2017-08-07 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage: https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/ Software Link: http://couchdb.apache.org/...
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
#!/usr/bin/env python ''' @author: r4wd3r @license: MIT License @contact: [email protected] ''' import argparse import re import sys import requests parser = argparse.ArgumentParser(description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' + ' CVE-2017-12635'...
Apache CouchDB Arbitrary Command Execution
CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...
Debian DLA-1252-1 : couchdb security update
CVE-2017-12635 Prevent non-admin users from giving themselves admin privileges. CVE-2017-12636 Blacklist some configuration options to prevent execution of arbitrary shell commands as the CouchDB user. For Debian 7 'Wheezy', these problems have been fixed in version 1.2.0-5+deb7u1. We recommend that y...
[SECURITY] [DLA 1252-1] couchdb security update
Package : couchdb Version : 1.2.0-5+deb7u1 CVE ID : CVE-2017-12635 CVE-2017-12636 CVE-2017-12635 Prevent non-admin users from giving themselves admin privileges. CVE-2017-12636 Blacklist some configuration options to prevent execution of arbitrary shell commands as the CouchDB user. For Debian 7...
Debian: Security Advisory (DLA-1252-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 27 : couchdb / erlang-jiffy (2017-a20d92573b)
CouchDB ver. 1.7.1 - Fixed CVE-2017-12635 - Fixed CVE-2017-12636 - Switched to eunit for testing - Erlang 20 compatible Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...
Fedora Update for erlang-jiffy FEDORA-2017-a20d92573b
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for couchdb FEDORA-2017-a20d92573b
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for erlang-jiffy FEDORA-2017-d0a336a2a3
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
GLSA-201711-16 : CouchDB: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201711-16 CouchDB: Multiple vulnerabilities Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary shell command...
[ASA-201711-24] couchdb: multiple issues
Arch Linux Security Advisory ASA-201711-24 ========================================== Severity: High Date : 2017-11-16 CVE-ID : CVE-2017-12635 CVE-2017-12636 Package : couchdb Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-495 Summary ======= The package couchdb...
Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Linux
Apache CouchDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb"; if(descripti...
CVE-2017-12635
| creationtimestamp | type | source |
|---|---|---|
| 2017-11-15 18:37:29+00:00 | seen | https://t.me/informationsecuritychannel/11091 |
| 2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/couchdb/couchdbenum.rb |
| 2018-07-12 08:56:07+00:00 | seen | ... |