cvelistv5 - cve-2017-12636

CVE-2017-12636 (GCVE-0-2017-12636)

Vulnerability from cvelistv5 – Published: 2017-11-14 20:00 – Updated: 2024-09-16 18:48

Summary

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

apache

References

URL

Tags

	https://www.exploit-db.com/exploits/45019/	exploitx_refsource_EXPLOIT-DB
	https://lists.apache.org/thread.html/6c405bf3f835…	mailing-listx_refsource_MLIST
	https://www.exploit-db.com/exploits/44913/	exploitx_refsource_EXPLOIT-DB
	https://security.gentoo.org/glsa/201711-16	vendor-advisoryx_refsource_GENTOO
	https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CouchDB	Affected: 1.2.0 to 1.6.1 Affected: 2.0.0 to 2.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:43:56.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45019",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45019/"
          },
          {
            "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E"
          },
          {
            "name": "44913",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44913/"
          },
          {
            "name": "GLSA-201711-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-16"
          },
          {
            "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CouchDB",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0 to 1.6.1"
            },
            {
              "status": "affected",
              "version": "2.0.0 to 2.1.0"
            }
          ]
        }
      ],
      "datePublic": "2017-11-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-13T18:06:10",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "45019",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45019/"
        },
        {
          "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E"
        },
        {
          "name": "44913",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44913/"
        },
        {
          "name": "GLSA-201711-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-16"
        },
        {
          "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2017-11-14T00:00:00",
          "ID": "CVE-2017-12636",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CouchDB",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.2.0 to 1.6.1"
                          },
                          {
                            "version_value": "2.0.0 to 2.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "45019",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45019/"
            },
            {
              "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"
            },
            {
              "name": "44913",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44913/"
            },
            {
              "name": "GLSA-201711-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-16"
            },
            {
              "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-12636",
    "datePublished": "2017-11-14T20:00:00Z",
    "dateReserved": "2017-08-07T00:00:00",
    "dateUpdated": "2024-09-16T18:48:31.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.7.0\", \"matchCriteriaId\": \"DCEE0A7F-2D9E-4B71-AB1D-F7E51FAF8839\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C28D397-7FB6-472F-A602-C2E7E4CCC7D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"20694545-A117-4327-9704-E4E9C26C0A10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"53337458-D551-42E3-825D-1E94AB8409D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6848350-0CDC-4CB1-B6DB-1A47227F10AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A820A52-9170-4E32-B224-1C9E7F48A6D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.\"}, {\"lang\": \"es\", \"value\": \"Los usuarios administrativos de CouchDB pueden configurar el servidor de la base de datos mediante HTTP(S). Algunas de las opciones de configuraci\\u00f3n incluyen rutas para operar binarios a nivel de sistema que son iniciados subsecuentemente por CouchDB. Esto permite que un usuario administrador en versiones anteriores a la 1.7.0 y versiones 2.x anteriores a la 2.1.1 de Apache CouchDB ejecuten comandos shell arbitrarios como el usuario CouchDB, incluyendo la descarga y ejecuci\\u00f3n de scripts del internet p\\u00fablico.\"}]",
      "id": "CVE-2017-12636",
      "lastModified": "2024-11-21T03:09:56.593",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-14T20:29:00.247",
      "references": "[{\"url\": \"https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201711-16\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us\", \"source\": \"security@apache.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/44913/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/45019/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201711-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/44913/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/45019/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-12636\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2017-11-14T20:29:00.247\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.\"},{\"lang\":\"es\",\"value\":\"Los usuarios administrativos de CouchDB pueden configurar el servidor de la base de datos mediante HTTP(S). Algunas de las opciones de configuraci\u00f3n incluyen rutas para operar binarios a nivel de sistema que son iniciados subsecuentemente por CouchDB. Esto permite que un usuario administrador en versiones anteriores a la 1.7.0 y versiones 2.x anteriores a la 2.1.1 de Apache CouchDB ejecuten comandos shell arbitrarios como el usuario CouchDB, incluyendo la descarga y ejecuci\u00f3n de scripts del internet p\u00fablico.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.7.0\",\"matchCriteriaId\":\"DCEE0A7F-2D9E-4B71-AB1D-F7E51FAF8839\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C28D397-7FB6-472F-A602-C2E7E4CCC7D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"20694545-A117-4327-9704-E4E9C26C0A10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"53337458-D551-42E3-825D-1E94AB8409D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6848350-0CDC-4CB1-B6DB-1A47227F10AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A820A52-9170-4E32-B224-1C9E7F48A6D2\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://security.gentoo.org/glsa/201711-16\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.exploit-db.com/exploits/44913/\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.exploit-db.com/exploits/45019/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201711-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/44913/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/45019/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2017-12636

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12636

Aliases

CVE-2017-12636

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12636",
    "description": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.",
    "id": "GSD-2017-12636",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-12636.html",
      "https://security.archlinux.org/CVE-2017-12636",
      "https://packetstormsecurity.com/files/cve/CVE-2017-12636"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12636"
      ],
      "details": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.",
      "id": "GSD-2017-12636",
      "modified": "2023-12-13T01:21:04.041917Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2017-11-14T00:00:00",
        "ID": "CVE-2017-12636",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache CouchDB",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.2.0 to 1.6.1"
                        },
                        {
                          "version_value": "2.0.0 to 2.1.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "45019",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/45019/"
          },
          {
            "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"
          },
          {
            "name": "44913",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44913/"
          },
          {
            "name": "GLSA-201711-16",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201711-16"
          },
          {
            "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2017-12636"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"
            },
            {
              "name": "GLSA-201711-16",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201711-16"
            },
            {
              "name": "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
            },
            {
              "name": "44913",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/44913/"
            },
            {
              "name": "45019",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/45019/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-05-13T19:29Z",
      "publishedDate": "2017-11-14T20:29Z"
    }
  }
}

SUSE-SU-2018:2578-1

Vulnerability from csaf_suse - Published: 2018-08-31 12:16 - Updated: 2018-08-31 12:16

Summary

Security update for couchdb

Notes

Title of the patch

Security update for couchdb

Description of the patch

This update for couchdb to 1.7.2 fixes the following security issues: - CVE-2018-8007: Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it was possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API (bsc#1100973). - CVE-2017-12636: CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allowed an admin user in Apache CouchDB to execute arbitrary shell commands as the CouchDB user (bsc#1068386).

Patchnames

SUSE-OpenStack-Cloud-7-2018-1807,SUSE-Storage-4-2018-1807

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for couchdb",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for couchdb to 1.7.2 fixes the following security issues:\n\n- CVE-2018-8007: Apache CouchDB administrative users can configure the database\n  server via HTTP(S). Due to insufficient validation of administrator-supplied\n  configuration settings via the HTTP API, it was possible for a CouchDB\n  administrator user to escalate their privileges to that of the operating\n  system\u0027s user that CouchDB runs under, by bypassing the blacklist of\n  configuration settings that are not allowed to be modified via the HTTP API\n  (bsc#1100973).\n- CVE-2017-12636: CouchDB administrative users can configure the database\n  server via HTTP(S). Some of the configuration options include paths for\n  operating system-level binaries that are subsequently launched by CouchDB. This\n  allowed an admin user in Apache CouchDB to execute arbitrary shell commands as\n  the CouchDB user (bsc#1068386).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-OpenStack-Cloud-7-2018-1807,SUSE-Storage-4-2018-1807",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2578-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2578-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182578-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2578-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004523.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1068386",
        "url": "https://bugzilla.suse.com/1068386"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100973",
        "url": "https://bugzilla.suse.com/1100973"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12636 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8007 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8007/"
      }
    ],
    "title": "Security update for couchdb",
    "tracking": {
      "current_release_date": "2018-08-31T12:16:30Z",
      "generator": {
        "date": "2018-08-31T12:16:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2578-1",
      "initial_release_date": "2018-08-31T12:16:30Z",
      "revision_history": [
        {
          "date": "2018-08-31T12:16:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "couchdb-1.7.2-2.8.2.aarch64",
                "product": {
                  "name": "couchdb-1.7.2-2.8.2.aarch64",
                  "product_id": "couchdb-1.7.2-2.8.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "couchdb-1.7.2-2.8.2.s390x",
                "product": {
                  "name": "couchdb-1.7.2-2.8.2.s390x",
                  "product_id": "couchdb-1.7.2-2.8.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "couchdb-1.7.2-2.8.2.x86_64",
                "product": {
                  "name": "couchdb-1.7.2-2.8.2.x86_64",
                  "product_id": "couchdb-1.7.2-2.8.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE OpenStack Cloud 7",
                "product": {
                  "name": "SUSE OpenStack Cloud 7",
                  "product_id": "SUSE OpenStack Cloud 7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-openstack-cloud:7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Enterprise Storage 4",
                "product": {
                  "name": "SUSE Enterprise Storage 4",
                  "product_id": "SUSE Enterprise Storage 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:ses:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "couchdb-1.7.2-2.8.2.aarch64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64"
        },
        "product_reference": "couchdb-1.7.2-2.8.2.aarch64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "couchdb-1.7.2-2.8.2.s390x as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x"
        },
        "product_reference": "couchdb-1.7.2-2.8.2.s390x",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "couchdb-1.7.2-2.8.2.x86_64 as component of SUSE OpenStack Cloud 7",
          "product_id": "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
        },
        "product_reference": "couchdb-1.7.2-2.8.2.x86_64",
        "relates_to_product_reference": "SUSE OpenStack Cloud 7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "couchdb-1.7.2-2.8.2.aarch64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64"
        },
        "product_reference": "couchdb-1.7.2-2.8.2.aarch64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "couchdb-1.7.2-2.8.2.x86_64 as component of SUSE Enterprise Storage 4",
          "product_id": "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64"
        },
        "product_reference": "couchdb-1.7.2-2.8.2.x86_64",
        "relates_to_product_reference": "SUSE Enterprise Storage 4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64",
          "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64",
          "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64",
          "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x",
          "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12636",
          "url": "https://www.suse.com/security/cve/CVE-2017-12636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068386 for CVE-2017-12636",
          "url": "https://bugzilla.suse.com/1068386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100973 for CVE-2017-12636",
          "url": "https://bugzilla.suse.com/1100973"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104204 for CVE-2017-12636",
          "url": "https://bugzilla.suse.com/1104204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119720 for CVE-2017-12636",
          "url": "https://bugzilla.suse.com/1119720"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-31T12:16:30Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2017-12636"
    },
    {
      "cve": "CVE-2018-8007",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8007"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system\u0027s user that CouchDB runs under, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows an existing CouchDB admin user to gain arbitrary remote code execution, bypassing already disclosed CVE-2017-12636. Mitigation: All users should upgrade to CouchDB releases 1.7.2 or 2.1.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64",
          "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64",
          "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64",
          "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x",
          "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8007",
          "url": "https://www.suse.com/security/cve/CVE-2018-8007"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100973 for CVE-2018-8007",
          "url": "https://bugzilla.suse.com/1100973"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1104204 for CVE-2018-8007",
          "url": "https://bugzilla.suse.com/1104204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119720 for CVE-2018-8007",
          "url": "https://bugzilla.suse.com/1119720"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE Enterprise Storage 4:couchdb-1.7.2-2.8.2.x86_64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.aarch64",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.s390x",
            "SUSE OpenStack Cloud 7:couchdb-1.7.2-2.8.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-31T12:16:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-8007"
    }
  ]
}

CNVD-2017-34234

Vulnerability from cnvd - Published: 2017-11-16

Title

Apache CouchDB远程代码执行漏洞

Description

Apache CouchDB是美国阿帕奇（Apache）软件基金会的一个免费、开源、面向文档的数据库，是一个使用JSON作为存储格式，JavaScript作为查询语言，MapReduce和HTTP作为API的NoSQL数据库。 Apache CouchDB 1.7.0之前的版本和2.1.1之前的2.x版本中存在远程代码执行漏洞。攻击者可利用该漏洞执行任意的shell命令（包括：从公共网络上下载和执行脚本）。

Severity

高

Patch Name

Apache CouchDB远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E

Reference

https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E

Impacted products

Name
['Apache CouchDB <1.7.0', 'Apache CouchDB 2.x<2.1.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12636"
    }
  },
  "description": "Apache CouchDB\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u514d\u8d39\u3001\u5f00\u6e90\u3001\u9762\u5411\u6587\u6863\u7684\u6570\u636e\u5e93\uff0c\u662f\u4e00\u4e2a\u4f7f\u7528JSON\u4f5c\u4e3a\u5b58\u50a8\u683c\u5f0f\uff0cJavaScript\u4f5c\u4e3a\u67e5\u8be2\u8bed\u8a00\uff0cMapReduce\u548cHTTP\u4f5c\u4e3aAPI\u7684NoSQL\u6570\u636e\u5e93\u3002\r\n\r\nApache CouchDB 1.7.0\u4e4b\u524d\u7684\u7248\u672c\u548c2.1.1\u4e4b\u524d\u76842.x\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\uff08\u5305\u62ec\uff1a\u4ece\u516c\u5171\u7f51\u7edc\u4e0a\u4e0b\u8f7d\u548c\u6267\u884c\u811a\u672c\uff09\u3002",
  "discovererName": "Joan Touzet",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34234",
  "openTime": "2017-11-16",
  "patchDescription": "Apache CouchDB\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u514d\u8d39\u3001\u5f00\u6e90\u3001\u9762\u5411\u6587\u6863\u7684\u6570\u636e\u5e93\uff0c\u662f\u4e00\u4e2a\u4f7f\u7528JSON\u4f5c\u4e3a\u5b58\u50a8\u683c\u5f0f\uff0cJavaScript\u4f5c\u4e3a\u67e5\u8be2\u8bed\u8a00\uff0cMapReduce\u548cHTTP\u4f5c\u4e3aAPI\u7684NoSQL\u6570\u636e\u5e93\u3002\r\n\r\nApache CouchDB 1.7.0\u4e4b\u524d\u7684\u7248\u672c\u548c2.1.1\u4e4b\u524d\u76842.x\u7248\u672c\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684shell\u547d\u4ee4\uff08\u5305\u62ec\uff1a\u4ece\u516c\u5171\u7f51\u7edc\u4e0a\u4e0b\u8f7d\u548c\u6267\u884c\u811a\u672c\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache CouchDB\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache CouchDB \u003c1.7.0",
      "Apache CouchDB 2.x\u003c2.1.1"
    ]
  },
  "referenceLink": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-16",
  "title": "Apache CouchDB\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2017-12636

Vulnerability from fkie_nvd - Published: 2017-11-14 20:29 - Updated: 2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E
security@apache.org	https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html
security@apache.org	https://security.gentoo.org/glsa/201711-16	Third Party Advisory
security@apache.org	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us
security@apache.org	https://www.exploit-db.com/exploits/44913/
security@apache.org	https://www.exploit-db.com/exploits/45019/
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201711-16	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44913/
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/45019/

Impacted products

Vendor	Product	Version
apache	couchdb	*
apache	couchdb	2.0.0
apache	couchdb	2.0.0
apache	couchdb	2.0.0
apache	couchdb	2.0.0
apache	couchdb	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCEE0A7F-2D9E-4B71-AB1D-F7E51FAF8839",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C28D397-7FB6-472F-A602-C2E7E4CCC7D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "20694545-A117-4327-9704-E4E9C26C0A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53337458-D551-42E3-825D-1E94AB8409D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "C6848350-0CDC-4CB1-B6DB-1A47227F10AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:couchdb:2.0.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "2A820A52-9170-4E32-B224-1C9E7F48A6D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet."
    },
    {
      "lang": "es",
      "value": "Los usuarios administrativos de CouchDB pueden configurar el servidor de la base de datos mediante HTTP(S). Algunas de las opciones de configuraci\u00f3n incluyen rutas para operar binarios a nivel de sistema que son iniciados subsecuentemente por CouchDB. Esto permite que un usuario administrador en versiones anteriores a la 1.7.0 y versiones 2.x anteriores a la 2.1.1 de Apache CouchDB ejecuten comandos shell arbitrarios como el usuario CouchDB, incluyendo la descarga y ejecuci\u00f3n de scripts del internet p\u00fablico."
    }
  ],
  "id": "CVE-2017-12636",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-14T20:29:00.247",
  "references": [
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-16"
    },
    {
      "source": "security@apache.org",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.exploit-db.com/exploits/44913/"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.exploit-db.com/exploits/45019/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/44913/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/45019/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FCPQ-CJ4X-H8MV

Vulnerability from github – Published: 2022-05-14 01:03 – Updated: 2025-04-20 03:48

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-14T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.",
  "id": "GHSA-fcpq-cj4x-h8mv",
  "modified": "2025-04-20T03:48:22Z",
  "published": "2022-05-14T01:03:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12636"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-16"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44913"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45019"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12636 (GCVE-0-2017-12636)

GSD-2017-12636

SUSE-SU-2018:2578-1

CNVD-2017-34234

FKIE_CVE-2017-12636

GHSA-FCPQ-CJ4X-H8MV

Tags

Sightings

Nomenclature