EDB-50914
remotelinux
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
CVE-2022-24706
Konstantin Burov5/11/2022
CISA已知被利用漏洞
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
所需操作:
Apply updates per vendor instructions.
截止日期:
2022-09-15
描述
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
AI分析AI驱动
受影响产品
apachecouchdb
可用漏洞利用 (1)
参考资料
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory
- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2022/04/26/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/2Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/3Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2022/05/09/4Mailing ListPatchThird Party Advisory
- https://docs.couchdb.org/en/3.2.2/setup/cluster.htmlBroken LinkProduct
- https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00Mailing ListVendor Advisory
- https://medium.com/%40_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcdExploitThird Party Advisory