Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-12636

CWE-78: OS Command Injection | 14 documents | 8 sources
Severity
7.2 HIGH
EPSS
93.8%
top 0.15%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Nov 14
Latest update: May 14

Description

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

GHSA: GHSA-fcpq-cj4x-h8mv: CouchDB administrative users can configure the database server via HTTP(S) | 2022-05-14
OSV: CVE-2017-12636: CouchDB administrative users can configure the database server via HTTP(S) | 2017-11-14
CVEList: CVE-2017-12636: CouchDB administrative users can configure the database server via HTTP(S) | 2017-11-14

💥 Exploits & PoCs (3)

Exploit-DB: Apache CouchDB - Arbitrary Command Execution (Metasploit) | 2018-07-13
Exploit-DB: Apache CouchDB < 2.1.0 - Remote Code Execution | 2018-06-20
Nuclei: Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

🔍 Detection Rules (4)

Suricata: ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 3 | 2018-06-25
Suricata: ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 4 | 2018-06-25
Suricata: ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 2 | 2018-06-25
Suricata: ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636) | 2018-03-13

💬 Community (3)

Bugzilla: CVE-2018-11769 couchdb: Possible privilege escalation by couchdb administrator to system couchdb user | 2018-12-18
Bugzilla: CVE-2017-12636 couchdb: OS Command injection as couchdb user via remote configuration options | 2017-11-23
Bugzilla: CVE-2017-12635 CVE-2017-12636 couchdb: various flaws [fedora-all] | 2017-11-23
CVE-2017-12636 (HIGH CVSS 7.2) | CouchDB administrative users can co | cvebase.io