← volver
CVE-2017-12636

CVE-2017-12636

EPSS 90.6%
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Productos afectados
Apache Software Foundation · Apache CouchDB
PoCs públicas encontradas6
githubgithub.com/XTeam-Wing/CVE-2017-126366githubgithub.com/moayadalmalat/CVE-2017-126363cve_referencewww.exploit-db.com/exploits/44913/no verificadocve_referencewww.exploit-db.com/exploits/45019/no verificadoexploitdbwww.exploit-db.com/exploits/45019no verificadoexploitdbwww.exploit-db.com/exploits/44913no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2018/01/msg00026.htmlhttps://security.gentoo.org/glsa/201711-16https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_ushttps://www.exploit-db.com/exploits/44913/https://www.exploit-db.com/exploits/45019/