漏洞类别:Database
漏洞等级: 
漏洞信息
Apache CouchDB is a free open source document oriented database written in the Erlang programming language.
This Apache CouchDB update fixes the following vulnerabilities:
CVE-2017-12635:Remote Code Execution.
CVE-2017-12636:Execution of arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Affected Versions:
Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1]
QID Detection Logic(Remote)
It checks for vulnerable version of Apache CouchDB.
漏洞危害
Successful exploitation of these vulnerabilities could allow a remote attacker to conduct unspecified attacks.
解决方案
Customers are advised to upgrade to ApacheCouchDb
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论