|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-06-14 | |
| Rule Name: | Apache CouchDB Erlang Cookie Remote Code Execution Vulnerability (CVE-2022-24706) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2022/04/26/1 http://www.openwall.com/lists/oss-security/2022/05/09/1 http://www.openwall.com/lists/oss-security/2022/05/09/2 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00 |