vulnerability

Ubuntu: (CVE-2017-12636): couchdb vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Nov 14, 2017	Jun 26, 2025	Jul 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Nov 14, 2017

Added

Jun 26, 2025

Modified

Jul 28, 2025

Description

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.

Solution

no-fix-ubuntu-package

References

CVE-2017-12636
https://attackerkb.com/topics/CVE-2017-12636
URL-http://www.openwall.com/lists/oss-security/2017/11/14/6
URL-https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E
URL-https://www.cve.org/CVERecord?id=CVE-2017-12636

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today