CVE-2017-12636
PUBLISHED
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Risk Scores
- EPSS Score: 93.75% (99.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | couchdb | 0, 1.6.0-0ubuntu7 |
Exploit Intelligence
- moayadalmalat/CVE-2017-12636 (github-poc-repo)
- CVE-2017-12636|exploit Couchdb (github-poc-repo)
…and 45 more exploits
Timeline
- Nov 14, 2017 CVE Published
- Nov 30, 2017 PoC Published
- Mar 13, 2018 PoC Published
- Apr 23, 2018 PoC Published
- Jun 20, 2018 PoC Published
- Jun 20, 2018 PoC Published
- Jun 25, 2018 PoC Published
- Jul 12, 2018 PoC Published
- Jul 12, 2018 PoC Published
- Jul 13, 2018 PoC Published
- Oct 9, 2020 PoC Published
- Oct 9, 2020 PoC Published
References
- https://ubuntu.com/security/CVE-2017-12636 third-party-advisory
- http://www.openwall.com/lists/oss-security/2017/11/14/6 third-party-advisory
- https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-12636 third-party-advisory