Apache CouchDB JSON Remote Privilege Escalation Vulnerability - Vulnerability Database

Description

Apache CouchDB versions prior to 1.7.0 and 2.1.1 contain a privilege escalation vulnerability caused by inconsistent JSON parsing between its Erlang and JavaScript parsers. Attackers can exploit this discrepancy by submitting specially crafted _users documents containing duplicate 'roles' keys, allowing them to assign themselves administrative privileges including the '_admin' role. When chained with CVE-2017-12636, this vulnerability enables complete system compromise through remote code execution.

Remediation

Immediately upgrade Apache CouchDB to version 1.7.0 or 2.1.1 or later, which contain fixes for this vulnerability. Follow these steps:

1. Back up all CouchDB databases and configuration files before upgrading
2. Download the patched version from the official Apache CouchDB website
3. Stop the CouchDB service and perform the upgrade according to the official migration guide
4. After upgrading, review all existing _users documents for suspicious duplicate keys or unauthorized administrative accounts
5. Implement network-level access controls to restrict CouchDB access to trusted IP addresses only
6. Enable authentication and ensure all default credentials have been changed
7. Monitor CouchDB logs for any suspicious authentication attempts or privilege escalation activities

If immediate patching is not possible, restrict network access to CouchDB to trusted sources only and disable user registration until the upgrade can be completed.
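Step 4 above asks for a review of existing _users documents. The following audit script is an added example (not Invicti's or the CouchDB project's code) that parses each raw document twice, once keeping the first occurrence of a duplicated key and once keeping the last, reports any key that appears more than once, and flags documents where the two readings of "roles" disagree or where "_admin" shows up at all. The sample documents are constructed for illustration; "first-wins" mirrors the behaviour of CouchDB's Erlang-side parser and "last-wins" that of the JavaScript validation side in the affected versions.

```python
import json

# Constructed sample _users documents (not real data). The second one carries
# the duplicate "roles" key the advisory describes: a first-wins parser stores
# ["_admin"], while a last-wins parser (like JS JSON.parse) only sees [].
SAMPLE_DOCS = [
    '{"_id":"org.couchdb.user:alice","name":"alice","type":"user","roles":[]}',
    '{"_id":"org.couchdb.user:mallory","name":"mallory","type":"user",'
    '"roles":["_admin"],"roles":[]}',
]


def parse_keeping(raw, keep):
    """Parse raw JSON with an explicit duplicate-key policy: 'first' or 'last'."""
    def hook(pairs):
        out = {}
        for key, value in pairs:
            if key in out and keep == "first":
                continue  # keep the earlier value, drop the later duplicate
            out[key] = value
        return out
    return json.loads(raw, object_pairs_hook=hook)


def find_duplicate_keys(raw):
    """Return the sorted set of keys duplicated within any object of the document."""
    dups = set()
    def hook(pairs):
        seen = set()
        for key, _ in pairs:
            if key in seen:
                dups.add(key)
            seen.add(key)
        return dict(pairs)
    json.loads(raw, object_pairs_hook=hook)
    return sorted(dups)


def audit_user_doc(raw):
    """Return a list of findings for one raw _users document (empty if clean)."""
    findings = []
    dups = find_duplicate_keys(raw)
    if dups:
        findings.append("duplicate keys: " + ", ".join(dups))
    first_roles = parse_keeping(raw, "first").get("roles", [])
    last_roles = parse_keeping(raw, "last").get("roles", [])
    if first_roles != last_roles:
        findings.append(f"roles differ by parser: first-wins {first_roles} vs last-wins {last_roles}")
    if "_admin" in set(first_roles) | set(last_roles):
        findings.append("_admin role present in a _users document")
    return findings


def audit_all(docs):
    """Map each document _id to its findings, for a bulk review of _users."""
    return {parse_keeping(d, "last")["_id"]: audit_user_doc(d) for d in docs}
```

In a real review, feed the raw JSON bodies of the _users documents into audit_all rather than re-serialising them, since a round trip through a standard JSON library collapses duplicate keys and hides exactly the condition being looked for.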