IQID:17255 Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
IQID: 17255 - May 2018
Due to differences between the Erlang-based JSON parser and the
JavaScript-based JSON parser, it is possible in Apache CouchDB before
1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate
'roles' keys. The 'roles' field is used for access control within the
database, including the special '_admin' role that denotes
administrative users. In combination with CVE-2017-12636 (Remote Code
Execution), this can be used to give non-admin users access to
arbitrary shell commands on the server as the database system user.
The parser differences mean that when two 'roles' keys are present in
the JSON, the JavaScript parser (which runs the document validation)
sees the second one and uses it to authorise the document write, while
the Erlang side keeps the first 'roles' key and uses it for all
subsequent authorisation of the newly created user. By design, users
cannot assign themselves roles; this vulnerability allows non-admin
users to give themselves admin privileges.
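The following is an added example, not code from the advisory or from CouchDB, that reproduces the parser differential described above in Python: one stand-in parser keeps the last of two duplicate keys (as JavaScript's JSON.parse does), the other keeps every pair in order and looks up the first match (as an Erlang proplist lookup does). The function and document names, the simplified "non-admins may not set roles" rule, and the sample documents are all constructed for illustration; the hardened variant shows one defence, rejecting duplicate keys at parse time, which is an assumption of good practice here rather than a description of the upstream patch.

```python
"""Added example: duplicate-key JSON against two differently behaving parsers.

Both 'parsers' below are Python stand-ins for the two CouchDB JSON paths
described in the advisory; none of this is CouchDB code.
"""
import json

# Constructed documents for the demonstration (not captured traffic).
# The malicious one carries two 'roles' keys: the first grants _admin,
# the second is empty and is what a last-key-wins parser will see.
MALICIOUS_DOC = (
    '{"type":"user","name":"oops","roles":["_admin"],'
    '"roles":[],"password":"x"}'
)
HONEST_DOC = '{"type":"user","name":"bob","roles":[],"password":"x"}'
ROLE_GRAB_DOC = '{"type":"user","name":"eve","roles":["_admin"],"password":"x"}'


def parse_last_wins(text):
    """Last duplicate key overwrites earlier ones (JavaScript JSON.parse
    behaviour; also Python's default)."""
    return json.loads(text)


def parse_first_wins(text):
    """Keep every key/value pair in document order, like an Erlang proplist.
    Nested objects are returned as pair lists too; the sample docs are flat."""
    return json.loads(text, object_pairs_hook=lambda pairs: pairs)


def proplist_get(pairs, key, default=None):
    """Erlang-style lookup: the FIRST matching key wins."""
    for k, v in pairs:
        if k == key:
            return v
    return default


def validate_user_doc(new_doc, user_ctx):
    """Simplified stand-in for the _users validation rule: a requester
    without the _admin role may not set any roles on the document."""
    if "_admin" not in user_ctx.get("roles", []):
        if new_doc.get("roles"):
            raise PermissionError("Only _admin may set roles")


def write_user_doc(raw_json, user_ctx):
    """Vulnerable flow: validate on the last-wins view, then store and
    authorise from the first-wins view. Returns the roles that end up
    being used for the new user."""
    validate_user_doc(parse_last_wins(raw_json), user_ctx)
    stored = parse_first_wins(raw_json)
    return proplist_get(stored, "roles", [])


def parse_reject_duplicates(text):
    """Hardened parser (illustrative defence): refuse any object that
    repeats a key, so both sides of the system see the same document or
    none at all."""
    def hook(pairs):
        seen = set()
        for k, _ in pairs:
            if k in seen:
                raise ValueError(f"duplicate key: {k!r}")
            seen.add(k)
        return dict(pairs)
    return json.loads(text, object_pairs_hook=hook)


def hardened_write_user_doc(raw_json, user_ctx):
    """Same flow, but a single duplicate-rejecting parse feeds both the
    validation and the stored document."""
    doc = parse_reject_duplicates(raw_json)
    validate_user_doc(doc, user_ctx)
    return doc.get("roles", [])


def is_rejected(write_fn, raw_json, user_ctx):
    """True if the write is refused (by validation or by the parser)."""
    try:
        write_fn(raw_json, user_ctx)
    except (PermissionError, ValueError):
        return True
    return False


if __name__ == "__main__":
    anon = {"name": None, "roles": []}
    print("vulnerable, malicious doc ->", write_user_doc(MALICIOUS_DOC, anon))
    print("vulnerable, honest doc    ->", write_user_doc(HONEST_DOC, anon))
    print("vulnerable, plain grab    ->", is_rejected(write_user_doc, ROLE_GRAB_DOC, anon))
    print("hardened, malicious doc   ->", is_rejected(hardened_write_user_doc, MALICIOUS_DOC, anon))
```

Running it shows the plain attempt to set `"roles":["_admin"]` is refused, while the duplicate-key document passes validation (the validator sees `[]`) yet is stored with `["_admin"]`; the duplicate-rejecting parser refuses the same document before validation runs.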
Permalink: http://www.idappcom.com/db/?17255
© 2024 by IDappcom. Privacy policy. IDappcom Ltd, 6 Rural Enterprise Centre, Ludlow, Shropshire, SY8 1FF.