CVE-2017-12636 is a vulnerability in Apache CouchDB
Published on November 14, 2017

CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.


Affected Versions

Apache Software Foundation Apache CouchDB:

Exploit Probability

EPSS: 93.70%
Percentile: 99.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.