MongoDB Engine_v8 Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running MongoDB and is prone to a denial of service vulnerability.

Impact

Successful exploitation will allow remote authenticated users to cause a denial of service condition by dereferencing an uninitialized pointer. Impact Level: Application

Solution

Upgrade to MongoDB version 2.4.5 or 2.5.1 or later, For updates refer to http://www.mongodb.org

Insight

An error exists in engine_v8 which fails to parse certain regular expressions.

Affected

MongoDB version 2.4.0 through 2.4.4

Detection

Get the installed version of MongoDB with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/54170
http://www.mongodb.org/about/alerts
https://jira.mongodb.org/browse/SERVER-9878

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3969

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

MariaDB 'COM_CHANGE_USER' Command Insecure Salt Generation Security Bypass Vulnerability
IBM DB2 Self Tuning Memory Manager (STMM) DOS Vulnerability (Linux)
MySQL Unspecified vulnerability-06 July-2013 (Windows)
Oracle Database Server Authentication Protocol Security Bypass Vulnerability
PostgreSQL Multiple Security Bypass Vulnerability July14 (Windows)

MongoDB engine_v8 Denial of Service Vulnerability

Take action and discover your vulnerabilities