mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
b090504e1b
Apache CNA) and ensure that the product names are correct and consistent (which in most cases means adding "Apache", but some required more work). Make sure the vendor name is correct. Make sure affected versions matches the text somewhat, although we don't try to make every product write these in the same way, they're not supposed to be totally machine readable. Then make some fixes to the text as required where there are mistakes or inconsistencies or the Apache name isn't mentioned. There are 5 left untouched for now, one is known (where we assigned an issues to an incubator version which came out prior to being part of Apache), and four which need more work.
92 lines
3.5 KiB
JSON
92 lines
3.5 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "security@apache.org",
|
|
"DATE_PUBLIC" : "2017-11-14T00:00:00",
|
|
"ID" : "CVE-2017-12635",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "Apache CouchDB",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "1.2.0 to 1.6.1"
|
|
},
|
|
{
|
|
"version_value" : "2.0.0 to 2.1.0"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "Information Disclosure"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "44498",
|
|
"refsource" : "EXPLOIT-DB",
|
|
"url" : "https://www.exploit-db.com/exploits/44498/"
|
|
},
|
|
{
|
|
"name" : "45019",
|
|
"refsource" : "EXPLOIT-DB",
|
|
"url" : "https://www.exploit-db.com/exploits/45019/"
|
|
},
|
|
{
|
|
"name" : "[dev] 20171114 Apache CouchDB CVE-2017-12635 and CVE-2017-12636",
|
|
"refsource" : "MLIST",
|
|
"url" : "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"
|
|
},
|
|
{
|
|
"name" : "[debian-lts-announce] 20180121 [SECURITY] [DLA 1252-1] couchdb security update",
|
|
"refsource" : "MLIST",
|
|
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
|
|
},
|
|
{
|
|
"name" : "GLSA-201711-16",
|
|
"refsource" : "GENTOO",
|
|
"url" : "https://security.gentoo.org/glsa/201711-16"
|
|
},
|
|
{
|
|
"name" : "101868",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/101868"
|
|
}
|
|
]
|
|
}
|
|
}
|