APP: Apache CouchDB Erlang Cookie Auth Bypass
This signature detects attempts to exploit a known vulnerability against CouchDB. A successful attack can lead to security bypass.
Extended Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Affected Products
Apache couchdb
References
CVE: CVE-2022-24706
Short Name
APP:MISC:COUCHDB-AUTH-BYPA
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
Apache Auth Bypass CVE-2022-24706 Cookie CouchDB Erlang
Release Date
12/21/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3691
Port
TCP/1024-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors
Apache
CVSS Score
10.0