High severity7.8NVD Advisory· Published Feb 12, 2018· Updated Jun 17, 2026
CVE-2016-8742
CVE-2016-8742
Description
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Apache Software Foundation/Apache CouchDBv5Range: 2.0.0 (Windows platform only)
Patches
Vulnerability mechanics
References
3- mail-archives.apache.org/mod_mbox/couchdb-dev/201612.mbox/%3C825F65E1-0E5F-4E1F-8053-CF2C6200C526%40apache.org%3EnvdVendor Advisory
- www.securityfocus.com/bid/94766nvdThird Party AdvisoryVDB Entry
- www.exploit-db.com/exploits/40865/nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.