Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2017-12635 | First vendor Publication | 2017-11-14 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-269 | Improper Privilege Management |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2017-12-19 | Apache CouchDB remote privilege escalation attempt RuleID : 44890 - Revision : 3 - Type : SERVER-OTHER |
Metasploit Database
id | Description |
---|---|
2016-04-06 | Apache CouchDB Arbitrary Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-07-12 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1e54d140849311e8a7950028f8d09152.nasl - Type : ACT_GATHER_INFO |
2018-01-22 | Name : The remote Debian host is missing a security update. File : debian_DLA-1252.nasl - Type : ACT_GATHER_INFO |
2018-01-15 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2017-a20d92573b.nasl - Type : ACT_GATHER_INFO |
2017-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201711-16.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:42:14 |
|
2021-05-04 12:56:35 |
|
2021-04-22 02:09:07 |
|
2020-05-23 13:17:09 |
|
2020-05-23 02:02:51 |
|
2020-05-23 00:55:35 |
|
2019-10-03 09:20:01 |
|
2019-05-14 00:19:03 |
|
2018-09-12 12:06:49 |
|
2018-07-28 09:19:20 |
|
2018-04-26 09:19:26 |
|
2018-02-05 13:21:33 |
|
2017-12-04 21:22:58 |
|
2017-11-21 13:24:01 |
|
2017-11-21 09:22:04 |
|
2017-11-19 12:04:12 |
|
2017-11-15 00:23:21 |
|