EDB-50914
remotelinux
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706
Konstantin Burov5/11/2022
CISA既知の悪用された脆弱性
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
必要な対応:
Apply updates per vendor instructions.
期限:
2022-09-15
説明
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
AI分析AIによる分析
影響を受ける製品
apachecouchdb
利用可能なエクスプロイト (1)
参照
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory