Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2022-24706

Description

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.

POC

Reference

- http://packetstormsecurity.com/files/167032/Apache-CouchDB-3.2.1-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/169702/Apache-CouchDB-Erlang-Remote-Code-Execution.html

- https://medium.com/@_sadshade/couchdb-erlang-and-cookies-rce-on-default-settings-b1e9173a4bcd

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/20142995/nuclei-templates

- https://github.com/20142995/pocsuite3

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ArrestX/--POC

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/Li468446/Apache_poc

- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection

- https://github.com/Loginsoft-Research/Linux-Exploit-Detection

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/NaInSec/CVE-PoC-in-GitHub

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PyterSmithDarkGhost/COUCHDBEXPLOITCVE2022-24706

- https://github.com/SLTN91/Microservices-Applications-Attack-and-Detection

- https://github.com/SYRTI/POC_to_review

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/WhooAmii/POC_to_review

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/XmasSnowISBACK/CVE-2022-24706

- https://github.com/ahmetsabrimert/Apache-CouchDB-CVE-2022-24706-RCE-Exploits-Blog-post-

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/becrevex/CVE-2022-24706

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/hatjwe/CVE-2023-24706

- https://github.com/hktalent/bug-bounty

- https://github.com/huimzjty/vulwiki

- https://github.com/k0mi-tg/CVE-POC

- https://github.com/karimhabush/cyberowl

- https://github.com/luck-ying/Library-POC

- https://github.com/manas3c/CVE-POC

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/sadshade/CVE-2022-24706-CouchDB-Exploit

- https://github.com/superzerosec/CVE-2022-24706

- https://github.com/t0m4too/t0m4to

- https://github.com/trhacknon/CVE-2022-24706-CouchDB-Exploit

- https://github.com/trhacknon/Pocingit

- https://github.com/whoforget/CVE-POC

- https://github.com/xanszZZ/pocsuite3-poc

- https://github.com/youwizard/CVE-POC

- https://github.com/zecool/cve