9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
50.2%
Severity: High
Date : 2018-01-05
CVE-ID : CVE-2017-15535
Package : mongodb
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-503
The package mongodb before version 3.6.0-1 is vulnerable to arbitrary
code execution.
Upgrade to 3.6.0-1.
The problem has been fixed upstream in version 3.6.0.
To disable wire protocol compression, users may specify disabled as the
compression engine, either in the command line:
--networkMessageCompressors disabled
or, alternatively, in the mongod configuration file as:
net:
compression:
compressors: disabled
MongoDB 3.4.x before 3.4.10, has a disabled-by-default configuration
setting, networkMessageCompressors (aka wire protocol compression),
which exposes a vulnerability when enabled that could be exploited by a
malicious attacker to deny service or modify memory of the running
process.
A remote unprivileged attacker is able to crash the mongodb service or
modify memory of the running process.
https://bugs.archlinux.org/task/56379
https://jira.mongodb.org/browse/SERVER-31273
https://github.com/mongodb/mongo/commit/5ad69b851801edadbfde8fdf271f4ba7c21170b5
https://security.archlinux.org/CVE-2017-15535
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
50.2%