Vulnerability Details : CVE-2017-12636
Public exploit exists!
CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Threat overview for CVE-2017-12636
Top countries where our scanners detected CVE-2017-12636
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2017-12636: 9
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2017-12636
Probability of exploitation activity in the next 30 days: 3.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~91%
Metasploit modules for CVE-2017-12636
- Apache CouchDB Arbitrary Command Execution
  Disclosure Date: 2016-04-06
  First seen: 2020-04-26
  Module: exploit/linux/http/apache_couchdb_cmd_exec
  CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before
CVSS scores for CVE-2017-12636
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST
7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST
CWE ids for CVE-2017-12636
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-12636
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us
HPESBMU03935 rev.1 - HPE Unified OSS Console Software Products using Apache CouchDB, Remote Code Execution, Remote Escalation of Privilege
-
https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E
Apache CouchDB CVE-2017-12635 and CVE-2017-12636 - Pony Mail (Mailing List; Vendor Advisory)
-
https://security.gentoo.org/glsa/201711-16
CouchDB: Multiple vulnerabilities (GLSA 201711-16) — Gentoo security (Third Party Advisory)
-
https://www.exploit-db.com/exploits/44913/
Apache CouchDB < 2.1.0 - Remote Code Execution
-
https://www.exploit-db.com/exploits/45019/
Apache CouchDB - Arbitrary Command Execution (Metasploit)
-
https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html
[SECURITY] [DLA 1252-1] couchdb security update
Products affected by CVE-2017-12636
- cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*