apache-couchdb-unauth: Apache CouchDB - Unauthenticated Access

日期: 2025-08-01 | 影响软件: apache couchdb | POC: 已公开

漏洞描述

Apache CouchDB is exposed to external users.

PoC代码[已公开]

id: apache-couchdb-unauth

info:
  name: Apache CouchDB - Unauthenticated Access
  author: SleepingBag945
  severity: high
  description: Apache CouchDB is exposed to external users.
  reference:
    - https://github.com/ax1sX/SecurityList/blob/main/Database/CouchDB.md
    - https://github.com/taomujian/linbing/blob/master/python/app/plugins/http/CouchDB/Couchdb_Unauthorized.py
    - https://github.com/mubix/tools/blob/master/nmap/scripts/couchdb-stats.nse
  metadata:
    verified: true
    max-request: 1
    shodan-query: product:"CouchDB"
    fofa-query: app="APACHE-CouchDB"
  tags: apache,couchdb,unauth,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/_config"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body,"httpd_design_handlers") && contains(body,"external_manager")'
        condition: and
# digest: 4a0a00473045022100ff7477891f0eafddebc45ad34d1d90a8ba60c094b78c7ca1f806b0dfa97b54b702206fabf94a1eca4229eed4908684122e2e070d889dc1c417043d8e88d297020307:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./http/misconfiguration/apache/apache-couchdb-unauth.yaml

相关漏洞推荐