HIGH: Accessible CouchDB Report

DESCRIPTION LAST UPDATED: 2023-12-08

DEFAULT SEVERITY LEVEL: HIGH

Introduction

This report identifies accessible Apache CouchDB servers on port 5984/tcp. Apache CouchDB is an open-source document-oriented NoSQL database written in Erlang (see Wikipedia).

How we scan

We scan by sending an HTTP "GET /" request to port 5984/tcp. The request carries an Accept: application/json header to indicate that we expect a JSON response.

You can reproduce our results by running:

zgrab2 http -p 5984 --custom-headers-names=Accept --custom-headers-values='application/json' --endpoint="/"

If we receive a CouchDB response from an IP, we follow up with a "GET /_all_dbs" request to list the databases that are visible without authentication (if any).

We do not perform any intrusive checks on a discovered service or database.
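The two-step check described above, written out as an added example (this is not Shadowserver's scanner code): the "GET /" welcome document is mapped onto the report's server fields, and the "GET /_all_dbs" answer onto visible_databases or error/error_reason. The sample responses embedded at the bottom are constructed, not captured from a real host. The probe() and _get() helpers are an assumed way of issuing the same two requests with the Python standard library; they touch the network only when a host is passed on the command line.

```python
"""Reproduce the two-step CouchDB check and map responses onto the
report's fields. Added example, not Shadowserver's own scanner code."""
import json
import urllib.error
import urllib.request
from typing import Optional

ACCEPT_JSON = {"Accept": "application/json"}


def parse_welcome(server_header: Optional[str], body: bytes) -> Optional[dict]:
    """Map a CouchDB 'GET /' response onto the report's server fields.

    Returns None when the body is not the CouchDB welcome document, which
    is how a non-CouchDB listener on 5984/tcp is filtered out.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return None
    if not isinstance(doc, dict) or "couchdb" not in doc:
        return None
    return {
        "server_version": server_header or "",     # e.g. CouchDB/3.2.2 (Erlang OTP/23)
        "couchdb_message": doc.get("couchdb", ""),  # normally "Welcome"
        "couchdb_version": doc.get("version", ""),
        "git_sha": doc.get("git_sha", ""),
        "features": ",".join(doc.get("features", [])),
        "vendor": (doc.get("vendor") or {}).get("name", ""),
    }


def parse_all_dbs(status: int, body: bytes) -> dict:
    """Map a 'GET /_all_dbs' response onto visible_databases / error fields.

    A JSON list means the server lists its databases to anyone; a JSON
    object with "error"/"reason" (CouchDB 3.x answers 401 to non-admins)
    is recorded in the error columns instead.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return {"visible_databases": "", "error": "unparseable", "error_reason": f"HTTP {status}"}
    if isinstance(doc, list):
        return {"visible_databases": ",".join(doc), "error": "", "error_reason": ""}
    if isinstance(doc, dict):
        return {"visible_databases": "", "error": doc.get("error", ""),
                "error_reason": doc.get("reason", "")}
    return {"visible_databases": "", "error": "unexpected", "error_reason": f"HTTP {status}"}


def _get(url: str, timeout: float = 5.0):
    """Plain GET with Accept: application/json; returns (status, headers, body).
    Assumed helper: 4xx responses still carry a JSON body, so keep them."""
    req = urllib.request.Request(url, headers=ACCEPT_JSON, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers, e.read()


def probe(host: str, port: int = 5984) -> Optional[dict]:
    """Run the two-step check against a live host (network access required).

    Only the two GET requests the report describes are sent; nothing is
    written. Returns None if nothing answers or the listener is not CouchDB.
    """
    base = f"http://{host}:{port}"
    try:
        _, headers, body = _get(base + "/")
    except urllib.error.URLError:
        return None  # closed port, timeout, or not speaking HTTP
    result = parse_welcome(headers.get("Server"), body)
    if result is None:
        return None
    status, _, body = _get(base + "/_all_dbs")
    result.update(parse_all_dbs(status, body))
    return result


# Constructed sample responses (not captured from a real host) covering
# both outcomes of the follow-up request: an open listing and a refusal.
WELCOME_BODY = (b'{"couchdb":"Welcome","version":"3.2.2","git_sha":"d5b746b7c",'
                b'"uuid":"00000000000000000000000000000000",'
                b'"features":["access-ready","partitioned","pluggable-storage-engines",'
                b'"reshard","scheduler"],"vendor":{"name":"The Apache Software Foundation"}}')
LISTING_BODY = b'["_replicator","_users","orders"]'
DENIED_BODY = b'{"error":"unauthorized","reason":"You are not a server admin."}'

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(json.dumps(probe(sys.argv[1]), indent=2))
    else:
        rec = parse_welcome("CouchDB/3.2.2 (Erlang OTP/23)", WELCOME_BODY)
        rec.update(parse_all_dbs(200, LISTING_BODY))
        print(json.dumps(rec, indent=2))
```

Run without arguments to see the constructed samples mapped onto the report columns; run with a hostname to issue the two requests against one of your own hosts. Note that a non-empty visible_databases means the server answered /_all_dbs without any credentials, which is the case to fix first.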

As of 2022-07-03, we found 4139 unique CouchDB server instances exposed on IPv4 (daily scan result).

Dashboard

You can track latest CouchDB scan results on the Shadowserver Dashboard.

Mitigation

It is unlikely that you need a CouchDB server that accepts connections from the Internet (and thus presents an external attack surface). If you receive this report from us for your network or constituency, make sure to firewall traffic to this service. Binding the HTTP interface to an internal address ([chttpd] bind_address in local.ini) and requiring authentication for every request are worthwhile in addition to, not instead of, network filtering.

In some cases access may be exploitable due to an additional vulnerability. A recent example is CVE-2022-24706, a CVSS 9.8 remote code execution vulnerability in Apache CouchDB releases before 3.2.2.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename: scan_couchdb

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always TCP)
  • port
    Port that is being queried (port 5984)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Tag set to "couchdb"
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • sector
    Sector the identified device belongs to
  • server_version
    CouchDB server version (full, as reported in the Server HTTP header)
  • couchdb_message
    CouchDB welcome message (the "couchdb" value of the GET / response, normally "Welcome")
  • couchdb_version
    CouchDB version (short)
  • git_sha
    Git build sha
  • features
    Features available
  • vendor
    Vendor (typically The Apache Software Foundation)
  • visible_databases
    Visible databases
  • error
    Error returned by the server (if any)
  • error_reason
    Error reason returned by the server (if any)

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","sector","server_version","couchdb_message","couchdb_version","git_sha","features","vendor","visible_databases","error","error_reason"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,5984,node01.example.com,couchdb,64512,ZZ,Region,City,0,ptr,"Retail Trade","CouchDB/3.2.2 (Erlang OTP/23)",Welcome,3.2.2,d5b746b7c,"access-ready,partitioned,pluggable-storage-engines,reshard,scheduler","The Apache Software Foundation",,,
"2010-02-10 00:00:01",high,192.168.0.2,tcp,5984,node02.example.com,couchdb,64512,ZZ,Region,City,0,,"Communications, Service Provider, and Hosting Service","CouchDB/3.3.2 (Erlang OTP/24)",Welcome,3.3.2,11a234070,"access-ready,partitioned,pluggable-storage-engines,reshard,scheduler","The Apache Software Foundation",,,
"2010-02-10 00:00:02",high,192.168.0.3,tcp,5984,node03.example.com,couchdb,64512,ZZ,Region,City,0,ptr,"Retail Trade","CouchDB/3.3.2 (Erlang OTP/24)",Welcome,3.3.2,11a234070,"access-ready,partitioned,pluggable-storage-engines,reshard,scheduler","The Apache Software Foundation",,,
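An added example of consuming this report (not Shadowserver tooling): parse the CSV, flag rows whose server listed its databases without credentials, and flag versions older than 3.2.2, the release that fixed CVE-2022-24706. The embedded report excerpt is constructed: its first row mirrors the sample above, the second is the sample's second row with a 401 recorded in the error columns, and the third row, including its git_sha and database names, is invented to exercise the listing branch.

```python
"""Triage a scan_couchdb report. Added example, not Shadowserver tooling.
Version threshold: CVE-2022-24706 was fixed in CouchDB 3.2.2."""
import csv
import io
import re
from typing import List, Optional, Tuple

CVE_2022_24706_FIXED = (3, 2, 2)

# Constructed report excerpt in the report's column layout. Row 3 and
# its git_sha are placeholders, not data from a real host.
SAMPLE_REPORT = '''"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","sector","server_version","couchdb_message","couchdb_version","git_sha","features","vendor","visible_databases","error","error_reason"
"2010-02-10 00:00:00",high,192.168.0.1,tcp,5984,node01.example.com,couchdb,64512,ZZ,Region,City,0,ptr,"Retail Trade","CouchDB/3.2.2 (Erlang OTP/23)",Welcome,3.2.2,d5b746b7c,"access-ready,partitioned,pluggable-storage-engines,reshard,scheduler","The Apache Software Foundation",,,
"2010-02-10 00:00:01",high,192.168.0.2,tcp,5984,node02.example.com,couchdb,64512,ZZ,Region,City,0,,"Communications, Service Provider, and Hosting Service","CouchDB/3.3.2 (Erlang OTP/24)",Welcome,3.3.2,11a234070,"access-ready,partitioned,pluggable-storage-engines,reshard,scheduler","The Apache Software Foundation",,unauthorized,"You are not a server admin."
"2010-02-10 00:00:02",high,192.168.0.3,tcp,5984,node03.example.com,couchdb,64512,ZZ,Region,City,0,ptr,"Retail Trade","CouchDB/2.3.1 (Erlang OTP/20)",Welcome,2.3.1,000000000,"pluggable-storage-engines,scheduler","The Apache Software Foundation","_replicator,_users,orders",,
'''


def parse_version(text: Optional[str]) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from '3.2.2' or 'CouchDB/3.2.2 (...)'; None if absent."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(x) for x in m.groups()) if m else None


def triage(report_csv: str) -> List[dict]:
    """Parse a scan_couchdb report and attach a list of findings to each row."""
    rows = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Every row in this report is, by construction, reachable from the Internet.
        findings = ["exposed_on_internet"]
        # couchdb_version is the short form; fall back to the Server header string.
        ver = parse_version(row["couchdb_version"]) or parse_version(row["server_version"])
        if ver is None:
            findings.append("version_unknown")
        elif ver < CVE_2022_24706_FIXED:
            findings.append("pre_3.2.2_check_CVE-2022-24706")
        # A non-empty visible_databases means /_all_dbs answered without credentials.
        dbs = [d for d in row["visible_databases"].split(",") if d]
        if dbs:
            findings.append(f"anonymous_db_listing:{len(dbs)}")
        rows.append({
            "ip": row["ip"],
            "hostname": row["hostname"],
            "version": row["couchdb_version"],
            "findings": findings,
            "databases": dbs,
        })
    return rows


def worst_first(rows: List[dict]) -> List[dict]:
    """Order for a ticket queue: anonymous listings, then old versions, then the rest."""
    def rank(r):
        f = r["findings"]
        return (not any(x.startswith("anonymous_db_listing") for x in f),
                not any("CVE-2022-24706" in x for x in f),
                r["ip"])
    return sorted(rows, key=rank)


if __name__ == "__main__":
    for r in worst_first(triage(SAMPLE_REPORT)):
        print(r["ip"], r["version"], ", ".join(r["findings"]))
```

Feed a downloaded report file in place of SAMPLE_REPORT; the DictReader keys are the header names listed under Fields above, so the same code applies to the real file. A version older than 3.2.2 is only a prompt to check, since the report does not test for CVE-2022-24706 and a server can be patched or otherwise protected against that issue without upgrading.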
