Apache CouchDB Unauthenticated Administrative Access

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.

Synopsis :

The remote database server allows administrative access without

Description :

Nessus was able to perform administrative actions on the remote
CouchDB server without providing authentication. A remote attacker
could exploit this to take control of the CouchDB server.

See also :


Solution :

Secure the CouchDB installation with an administrative account.

Risk factor :

High / CVSS Base Score : 7.5

Family: Databases

Nessus Plugin ID: 45434 (couchdb_admin_access.nasl)

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial