27 matches found

RedhatCVE
added 2025/02/06 10:36 a.m., 10 views

CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

CVSS 10, AI score 7, EPSS 0.99838
Exploits 21, References 2

Openbugbounty
added 2020/08/07 5:25 p.m., 7 views

jobalertusa.com Cross Site Scripting vulnerability OBB-1253127

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 0.8
Exploits 0

Exploit DB
added 2018/07/13 12:0 a.m., 65 views

Apache CouchDB - Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache CouchDB Arbitrary Command Execution', 'Description' = %q CouchDB administrative users can configure the database server via HTTPS. Some of...

CVSS 10, AI score 8.4, EPSS 0.99838
Exploits 21

Tenable Nessus
added 2018/07/12 12:0 a.m., 40 views

FreeBSD : couchdb -- multiple vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)

Apache CouchDB PMC reports : Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases. C Tenable Network Security, Inc. The descriptive text and...

CVSS 10, AI score 7.9, EPSS 0.99838
Exploits 24, References 7

0day.today
added 2018/04/23 12:0 a.m., 64 views

Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Exploit

Exploit for linux platform in category web applications Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Date: 2017-08-07 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage:...

CVSS 10, AI score 0.1, EPSS 0.99838
Exploits 21

Packet Storm
added 2018/04/23 12:0 a.m., 48 views

Apache CouchDB 1.7.0 / 2.x Remote Privilege Escalation

Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Date: 2017-08-07 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage: https://blog.couchdb.org/2017/11/14/apache-couchdb-cve-2017-12635-and-cve-2017-12636/ Software Link: http://couchdb.apache.org/...

CVSS 10, AI score 0.6, EPSS 0.99838
Exploits 21

Exploit DB
added 2018/04/23 12:0 a.m., 93 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

!/usr/bin/env python ''' @author: r4wd3r @license: MIT License @contact: [email protected] ''' import argparse import re import sys import requests parser = argparse.ArgumentParser description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' + ' CVE-2017-12635'...

CVSS 10, AI score 9.6, EPSS 0.99838
Exploits 21

Metasploit
added 2018/03/27 9:43 a.m., 119 views

Apache CouchDB Arbitrary Command Execution

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

CVSS 9.8, AI score 8.9, EPSS 0.99838
Exploits 21

Tenable Nessus
added 2018/01/22 12:0 a.m., 29 views

Debian DLA-1252-1 : couchdb security update

CVE-2017-12635 Prevent non-admin users to give themselves admin privileges. CVE-2017-12636 Blacklist some configuration options to prevent execution of arbitrary shell commands as the CouchDB user For Debian 7 'Wheezy', these problems have been fixed in version 1.2.0-5+deb7u1. We recommend that y...

CVSS 10, AI score 8.1, EPSS 0.99838
Exploits 21, References 4

Debian
added 2018/01/21 6:20 p.m., 27 views

[SECURITY] [DLA 1252-1] couchdb security update

Package : couchdb
Version : 1.2.0-5+deb7u1
CVE ID : CVE-2017-12635 CVE-2017-12636

CVE-2017-12635 Prevent non-admin users to give themselves admin privileges.
CVE-2017-12636 Blacklist some configuration options to prevent execution of arbitrary shell commands as the CouchDB user

For Debian 7...

CVSS 10, AI score 9.1, EPSS 0.99838
Exploits 21

OpenVAS
added 2018/01/21 12:0 a.m., 29 views

Debian: Security Advisory (DLA-1252-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 8.4, EPSS 0.99838
Exploits 21, References 3

Tenable Nessus
added 2018/01/15 12:0 a.m., 37 views

Fedora 27 : couchdb / erlang-jiffy (2017-a20d92573b)

CouchDB ver. 1.7.1 - Fixed CVE-2017-12635 - Fixed CVE-2017-12636 - Switched to eunit for testing - Erlang 20 compatible Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and...

CVSS 10, AI score 7.8, EPSS 0.99838
Exploits 21, References 3

OpenVAS
added 2017/12/10 12:0 a.m., 23 views

Fedora Update for erlang-jiffy FEDORA-2017-a20d92573b

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 8.4, EPSS 0.99838
Exploits 21, References 2

OpenVAS
added 2017/12/10 12:0 a.m., 21 views

Fedora Update for couchdb FEDORA-2017-a20d92573b

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 8.4, EPSS 0.99838
Exploits 21, References 2

OpenVAS
added 2017/12/10 12:0 a.m., 32 views

Fedora Update for erlang-jiffy FEDORA-2017-d0a336a2a3

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 8.4, EPSS 0.99838
Exploits 21, References 2

Tenable Nessus
added 2017/11/20 12:0 a.m., 27 views

GLSA-201711-16 : CouchDB: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201711-16 CouchDB: Multiple vulnerabilities Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary shell command...

CVSS 10, AI score 8.3, EPSS 0.99838
Exploits 21, References 3

ArchLinux
added 2017/11/16 12:0 a.m., 19 views

[ASA-201711-24] couchdb: multiple issues

Arch Linux Security Advisory ASA-201711-24
==========================================
Severity: High
Date : 2017-11-16
CVE-ID : CVE-2017-12635 CVE-2017-12636
Package : couchdb
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-495

Summary
=======
The package couchdb...

CVSS 10, AI score 1.5, EPSS 0.99838
Exploits 21, References 7

OpenVAS
added 2017/11/16 12:0 a.m., 45 views

Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Linux

Apache CouchDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb"; ifdescripti...

CVSS 10, AI score 8.5, EPSS 0.99838
Exploits 21, References 2

Circl
added 2017/11/15 6:37 p.m., 58 views

CVE-2017-12635

| creationtimestamp | type | source |
|---|---|---|
| 2017-11-15 18:37:29+00:00 | seen | https://t.me/informationsecuritychannel/11091 |
| 2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/couchdb/couchdbenum.rb |
| 2018-07-12 08:56:07+00:00 | seen | ... |

CVSS 10, AI score 7.3, EPSS 0.99838
In wild, Exploits 21, References 7

UbuntuCve
added 2017/11/14 8:29 p.m., 45 views

CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

CVSS 10, AI score 7.2, EPSS 0.99838
Exploits 21, References 3