Apache CouchDB vulnerabilities exploited

Security researchers from Trend Micro have spotted two vulnerabilities being exploited in CouchDB, the popular open source database management system.

The two are Apache CouchDB JSON Remote Privilege Escalation Vulnerability (CVE-2017-12635) and Apache CouchDB _config Command Execution (CVE-2017-12636).

Both bugs were patched back in November 2017.

“Due to differences in CouchDB’s parsers, exploitation of these vulnerabilities can provide attackers with duplicate keys that allow them access control — including administrator rights — within the system. The attackers can then use these functions to execute arbitrary code,” Trend Micro stated in the report.
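The parser disagreement described in that quote can be shown from the defender's side. This is an added example, not code from the Trend Micro report or from CouchDB: it shows how a first-wins and a last-wins JSON parser read the same document differently, and a strict loader that rejects repeated keys outright. The field names and values in the sample document are constructed.

```python
import json


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key at any nesting level."""


def _first_wins(pairs):
    # Model a parser that keeps the first value seen for a repeated key.
    out = {}
    for key, value in pairs:
        out.setdefault(key, value)
    return out


def _reject_duplicates(pairs):
    # Called once per JSON object, so nested objects are checked too.
    seen = set()
    for key, _ in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate key: {key!r}")
        seen.add(key)
    return dict(pairs)


def parser_views(raw):
    """Return (first-wins view, last-wins view) of the same JSON text."""
    first = json.loads(raw, object_pairs_hook=_first_wins)
    last = json.loads(raw)  # Python's json keeps the last value for a repeated key
    return first, last


def strict_load(raw):
    """Parse JSON, refusing any object that contains a repeated key."""
    return json.loads(raw, object_pairs_hook=_reject_duplicates)


# Constructed sample: a document whose "roles" key appears twice.
SAMPLE = '{"name": "alice", "roles": ["reviewer"], "roles": ["editor"]}'

if __name__ == "__main__":
    first, last = parser_views(SAMPLE)
    print("first-wins parser sees roles =", first["roles"])
    print("last-wins parser sees roles  =", last["roles"])
    try:
        strict_load(SAMPLE)
    except DuplicateKeyError as exc:
        print("rejected:", exc)
```

When the component that validates a document and the component that stores or enforces it resolve the repeated key differently, the validated value is not the one that takes effect, which is why rejecting such input before either parser sees it is the safer check.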

Security experts have been warning users of a surge in cryptocurrency miners driven by the growing popularity and prices of digital currencies such as Bitcoin, Monero and many others.

System administrators and users should keep systems up to date with the latest patches, change default account credentials to strong passwords, and enable firewalls and intrusion detection systems, to name just a few of the critical safeguards that keep systems safe.
