FreeBSD : couchdb -- multiple vulnerabilities (1e54d140-8493-11e8-a795-0028f8d09152)

Critical Nessus Plugin ID 111018


The remote FreeBSD host is missing a security-related update.


Apache CouchDB PMC reports:

Database Administrator could achieve privilege escalation to the account that CouchDB runs under, by abusing insufficient validation in the HTTP API, escaping security controls implemented in previous releases.


Update the affected package.

Plugin Details

Severity: Critical

ID: 111018

File Name: freebsd_pkg_1e54d140849311e8a7950028f8d09152.nasl

Version: 1.4

Type: local

Published: 2018/07/12

Modified: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:couchdb, cpe:/o:freebsd:freebsd

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/07/10

Vulnerability Publication Date: 2017/11/14

Exploitable With


Metasploit (Apache CouchDB Arbitrary Command Execution)

Reference Information

CVE: CVE-2017-12635, CVE-2017-12636, CVE-2018-8007