Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.COUCHDB_1_2_1.NASL
HistoryJan 22, 2013 - 12:00 a.m.

Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities

2013-01-2200:00:00
This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
54

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.058 Low

EPSS

Percentile

93.4%

JSON

According to its banner, the version of CouchDB running on the remote host is earlier than 1.0.4, 1.1.x earlier than 1.1.2 or 1.2.x earlier than 1.2.1. It is, therefore, potentially affected by the following vulnerabilities :

  • An unspecified error exists in the included MochiWeb HTTP library that can allow access to arbitrary files via directory traversal attacks. Note that reportedly, this issue only affects installs on Windows hosts.
    (CVE-2012-5641)

  • An error related to JSONP callbacks can allow an unspecified cross-site scripting attack. (CVE-2012-5649)

  • An input validation error exists related to unspecified query parameters and the Futon UI that can allow DOM- based cross-site scripting attacks. (CVE-2012-5650)

Note that Nessus did not actually test for these flaws but instead, has relied on the version in CouchDB’s banner.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63642);
  script_version("1.8");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2012-5641", "CVE-2012-5649", "CVE-2012-5650");
  script_bugtraq_id(57313, 57314, 57321);

  script_name(english:"Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities");
  script_summary(english:"Does a paranoid banner check on the web server");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is potentially affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of CouchDB running on the remote
host is earlier than 1.0.4, 1.1.x earlier than 1.1.2 or 1.2.x earlier
than 1.2.1.  It is, therefore, potentially affected by the following
vulnerabilities :

  - An unspecified error exists in the included MochiWeb
    HTTP library that can allow access to arbitrary files
    via directory traversal attacks. Note that reportedly,
    this issue only affects installs on Windows hosts.
    (CVE-2012-5641)

  - An error related to JSONP callbacks can allow an
    unspecified cross-site scripting attack. (CVE-2012-5649)

  - An input validation error exists related to unspecified
    query parameters and the Futon UI that can allow DOM-
    based cross-site scripting attacks. (CVE-2012-5650)

Note that Nessus did not actually test for these flaws but instead, has
relied on the version in CouchDB's banner.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525297/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525299/30/0/threaded");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/525300/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Upgrade to CouchDB 1.0.4 / 1.1.2 / 1.2.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5649");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/22");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:couchdb");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("couchdb_detect.nasl");
  script_require_keys("Settings/ParanoidReport", "www/couchdb");
  script_require_ports("Services/www", 5984, 6984);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port    = get_http_port(default:5984);
install = get_install_from_kb(appname:"couchdb", port:port, exit_on_fail:TRUE);

version = install['ver'];
if (version == UNKNOWN_VER) audit(AUDIT_SERVICE_VER_FAIL, "CouchDB", port);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

if (version =~ "^1(\.[0-2])?$") exit(1, "The banner from the CouchDB install listening on port "+port+" - "+version+" -  is not granular enough to make a determination.");

ver_fields = split(version, sep:'.', keep:FALSE);
for (i=0; i < max_index(ver_fields); i++)
  ver_fields[i] = int(ver_fields[i]);

if (
  ver_fields[0] == 0 ||
  (
    ver_fields[0] == 1 &&
    (
      (ver_fields[1] == 0 && ver_fields[2] < 4) ||
      (ver_fields[1] == 1 && ver_fields[2] < 2) ||
      (ver_fields[1] == 2 && ver_fields[2] < 1)
    )
  )
)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  if (report_verbosity > 0)
  {
    source  = get_kb_item("www/"+port+"/couchdb/source");
    if (!source) source = "n/a";

    report = 
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 1.0.4 / 1.1.2 / 1.2.1\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "CouchDB", port, version);
VendorProductVersionCPE
apachecouchdbcpe:/a:apache:couchdb

Related

nessus 6
securityvulns 4
fedora 2
openvas 5
ubuntucve 3
cvelist 3
cve 3
prion 3
nvd 3
freebsd 1
nessus
nessus
Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities
2013-05-08 00:00:00
Apache CouchDB < 1.0.4 / 1.1.2 / 1.2.1 Multiple Vulnerabilities
2013-05-08 00:00:00
Fedora 17 : couchdb-1.2.1-2.fc17 (2013-1387)
2013-02-04 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2013-01-14 00:00:00
CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows
2013-01-14 00:00:00
CVE-2012-5650 Apache CouchDB DOM based Cross-Site Scripting via Futon UI
2013-01-14 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: couchdb-1.2.1-2.fc18
2013-02-02 04:25:54
[SECURITY] Fedora 17 Update: couchdb-1.2.1-2.fc17
2013-02-02 04:27:53
openvas
openvas
Fedora Update for couchdb FEDORA-2013-1387
2013-02-04 00:00:00
Fedora Update for couchdb FEDORA-2013-1387
2013-02-04 00:00:00
Fedora Update for couchdb FEDORA-2013-1375
2013-02-04 00:00:00
ubuntucve
ubuntucve
CVE-2012-5649
2014-05-23 00:00:00
CVE-2012-5641
2014-03-18 00:00:00
CVE-2012-5650
2014-03-18 00:00:00
cvelist
cvelist
CVE-2012-5649
2014-05-23 14:00:00
CVE-2012-5641
2014-03-18 14:00:00
CVE-2012-5650
2014-03-18 14:00:00
cve
cve
CVE-2012-5641
2014-03-18 17:02:49
CVE-2012-5649
2014-05-23 14:55:07
CVE-2012-5650
2014-03-18 17:02:49
prion
prion
Directory traversal
2014-03-18 17:02:00
Design/Logic Flaw
2014-05-23 14:55:00
Cross site scripting
2014-03-18 17:02:00
nvd
nvd
CVE-2012-5649
2014-05-23 14:55:07
CVE-2012-5650
2014-03-18 17:02:49
CVE-2012-5641
2014-03-18 17:02:49
freebsd
freebsd
couchdb -- DOM based Cross-Site Scripting via Futon UI
2012-01-14 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.058 Low

EPSS

Percentile

93.4%

JSON
Related for COUCHDB_1_2_1.NASL
nessus6securityvulns4fedora2openvas5ubuntucve3cvelist3cve3prion3nvd3freebsd1