Apache CouchDB Panel - Detect

What is the "Apache CouchDB Panel - Detect?"

The "Apache CouchDB Panel - Detect" module is designed to detect the presence of an Apache CouchDB panel. Apache CouchDB is an open-source NoSQL database that uses JSON for data storage. This module specifically targets the CouchDB panel and checks for its existence.

This module has an informative severity level, which means it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: organiccrap

Impact

This module does not have any direct impact as it only detects the presence of the Apache CouchDB panel. However, the presence of an exposed CouchDB panel could potentially lead to unauthorized access or data leakage if not properly secured.

How does the module work?

The module works by sending an HTTP GET request to the "/_all_dbs" endpoint of the target server. It then applies two matching conditions to determine if the response indicates the presence of the CouchDB panel.

The first matching condition checks the response headers for the presence of the "CouchDB/" and "Erlang OTP/" keywords. If both keywords are found, it indicates that the server is running CouchDB.

The second matching condition verifies that the response status code is 200, indicating a successful request. If both matching conditions are met, the module reports the detection of the Apache CouchDB panel.

Example HTTP request:

GET /_all_dbs HTTP/1.1
Host: [target server]

Matching conditions:

- Response headers must contain "CouchDB/" and "Erlang OTP/" - Response status code must be 200

Metadata:

- max-request: 1