MongoDB BSON Object Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running MongoDB and is prone to a denial of service vulnerability.

Impact

Successful exploitation will allow remote authenticated users to access sensitive information stored in the server process memory. Impact Level: Application

Solution

Upgrade to MongoDB version 2.3.2 or later, For updates refer to http://www.mongodb.org

Insight

An error exists in the application which fails to properly validate incorrect length of an BSON object.

Affected

MongoDB version prior to 2.3.2

Detection

Get the installed version of MongoDB with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/show/osvdb/102521
https://jira.mongodb.org/browse/SERVER-7769

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-6619

CVSS	Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P

Related Vulnerabilities

Oracle MySQL Server Multiple Vulnerabilities-03 Nov12 (Windows)
Oracle MySQL Multiple Unspecified vulnerabilities - 02 Jan14 (Windows)
PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
Oracle MySQL Server Multiple Vulnerabilities-02 Nov12 (Windows)
MySQL Unspecified vulnerability-06 July-2013 (Windows)

Take action and discover your vulnerabilities