CVE-2017-12636

Related Files

Apache CouchDB Arbitrary Command Execution

Posted Jul 12, 2018

Authored by Max Justicz, Joan Touzet | Site metasploit.com

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

tags | exploit, web, arbitrary, shell

advisories | CVE-2017-12635, CVE-2017-12636

SHA-256 | a93f10ff77a858d80ea8ceaf2de3218d932d08cd6154f36a815a8470659052df

Download | Favorite | View

Apache CouchDB Remote Code Execution

Posted Jun 21, 2018

Authored by Cody Zacharias

Apache CouchDB versions prior to 2.1.0 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, proof of concept

advisories | CVE-2017-12636

SHA-256 | ab8707eb0c1362d2ee6b04feda50214c30fb3a36f58e891f9b7dd244982cac5f

Download | Favorite | View

Gentoo Linux Security Advisory 201711-16

Posted Nov 20, 2017

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201711-16 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of arbitrary shell commands. Versions less than 1.7.1 are affected.

tags | advisory, remote, arbitrary, shell, vulnerability

systems | linux, gentoo

advisories | CVE-2017-12635, CVE-2017-12636

SHA-256 | 1637e4fbe6d399b8b711ad956330ad1c1baaed2b7f7cef8cb47f94e57500c620

Download | Favorite | View