Oval Definition:oval:com.ubuntu.xenial:def:201712636000
Revision Date:2017-11-14Version:1
Title:CVE-2017-12636 on Ubuntu 16.04 LTS (xenial) - medium.
Description:CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-12636
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND The 'couchdb' package in xenial is affected and needs fixing.
  • BACK