CVE-2017-12635 Apache CouchDB Multiple Vulnerabilities.

漏洞类别:Database

漏洞等级:

漏洞信息

Apache CouchDB is a free open source document oriented database written in the Erlang programming language.

This Apache CouchDB update fixes the following vulnerabilities:
CVE-2017-12635:Remote Code Execution.
CVE-2017-12636:Execution of arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

Affected Versions:

Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1]

QID Detection Logic(Remote)
It checks for vulnerable version of Apache CouchDB.

漏洞危害

Successful exploitation of these vulnerabilities could allow a remote attacker to conduct unspecified attacks.

解决方案

Customers are advised to upgrade to ApacheCouchDb

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Apache CouchDb

Leave a Reply