""ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)""
SID: 2025432
Revision: 1
Class Type: attempted-admin
Metadata: created_at 2018_03_13, cve CVE_2017_12636, deployment Datacenter, performance_impact Moderate, signature_severity Major, updated_at 2018_03_13
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 5984
Flow: established,to_server,only_stream
Contents:
-
Value: "PUT /_config/query_servers/cmd HTTP" Depth: 35
-
Value: "Authorization|3a 20|Basic"
Within:
PCRE: "/\x0d\x0a\x0d\x0a\s*[\x22\x27]/"
Special Options: