Apache CouchDB Unauthenticated Administrative Access

Severity: High, Nessus Plugin ID 45434

Synopsis

The remote database server allows administrative access without authentication.

Description

Nessus was able to perform administrative actions on the remote CouchDB server without providing authentication. A remote attacker could exploit this to take control of the CouchDB server.

Solution

Secure the CouchDB installation with an administrative account.

See Also

http://books.couchdb.org/relax/reference/security

Plugin Details

Severity: High

ID: 45434

File Name: couchdb_admin_access.nasl

Version: 1.7

Type: remote

Family: Databases

Published: 4/7/2010

Updated: 12/1/2017

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apache:couchdb

Required KB Items: www/couchdb

Exploited by Nessus: true