what you don't know can hurt you
Showing 1 - 3 of 3 RSS Feed

CVE-2017-12636

Status Candidate

Overview

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

Related Files

Apache CouchDB Arbitrary Command Execution
Posted Jul 12, 2018
Authored by Max Justicz, Joan Touzet | Site metasploit.com

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

tags | exploit, web, arbitrary, shell
advisories | CVE-2017-12635, CVE-2017-12636
MD5 | 646205692a311200bb3f3d798f50c670
Apache CouchDB Remote Code Execution
Posted Jun 21, 2018
Authored by Cody Zacharias

Apache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2017-12636
MD5 | 41cb849d4d5d1e2396ab8315d6910c18
Gentoo Linux Security Advisory 201711-16
Posted Nov 20, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-16 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of arbitrary shell commands. Versions less than 1.7.1 are affected.

tags | advisory, remote, arbitrary, shell, vulnerability
systems | linux, gentoo
advisories | CVE-2017-12635, CVE-2017-12636
MD5 | a083aed437a012f431a19805566e8eaa
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close