APP: Apache CouchDB Erlang Cookie Authen Bypass
This signature detects attempts to exploit a known vulnerability against Apache CouchDB. A successful attack can lead to security bypass.
Extended Description
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
Affected Products
Apache couchdb
References
CVE: CVE-2022-24706
Short Name
APP:MISC:COUCHDB-AUTH-BYPAS
Severity
Warning
Recommended
False
Recommended Action
None
Category
APP
Keywords
Apache Authen Bypass CVE-2022-24706 Cookie CouchDB Erlang
Release Date
04/04/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3693
Port
TCP/1024-3127,3129-7999,8001-8079,8081-65535
False Positive
Unknown
Vendors
Apache