← Retour aux CVEs
CVE-2016-8742
N/ADescription
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
Details CVE
Score CVSS v3.1N/A
Publie2/12/2018
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
apache:couchdbmicrosoft:windows
Faiblesses (CWE)
CWE-264
References
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E(security@apache.org)
http://www.securityfocus.com/bid/94766(security@apache.org)
https://www.exploit-db.com/exploits/40865/(security@apache.org)
http://mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/94766(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/40865/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.