Apache CouchDB Unauthenticated Administrative Access

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote database server allows administrative access without

Description :

Nessus was able to perform administrative actions on the remote
CouchDB server without providing authentication. A remote attacker
could exploit this to take control of the CouchDB server.

See also :


Solution :

Secure the CouchDB installation with an administrative account.

Risk factor :

High / CVSS Base Score : 7.5

Family: Databases

Nessus Plugin ID: 45434 (couchdb_admin_access.nasl)

Bugtraq ID: