Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2012-6619HistoryMar 06, 2014 - 3:55 p.m.
CVE-2012-6619
2014-03-0615:55:00
Debian Security Bug Tracker
security-tracker.debian.org
12
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | mongodb | < 1:3.2.11-2+deb9u1 | mongodb_1:3.2.11-2+deb9u1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2012-6619
2014-03-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0083)
2022-01-28 00:00:00
MongoDB BSON Object Information Disclosure Vulnerability - Linux
2016-06-07 00:00:00
MongoDB BSON Object Information Disclosure Vulnerability
2014-03-14 00:00:00
mageia
mageia
Updated mongodb package fixes security vulnerability
2014-02-17 22:15:16
redhat
redhat
(RHSA-2014:0230) Moderate: mongodb security update
2014-03-04 00:00:00
nessus
nessus
MongoDB < 2.3.2 BSON Object Length Handling Memory Disclosure
2014-02-05 00:00:00
RHEL 6 : MRG (RHSA-2014:0440)
2014-07-22 00:00:00
cve
cve
CVE-2012-6619
2014-03-06 15:55:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:51
prion
prion
Default configuration
2014-03-06 15:55:00
n0where
n0where
MongoDB Security Audit: mongoaudit
2017-02-16 06:05:56
kitploit
kitploit
mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool
2017-02-22 14:04:00
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
Related for DEBIANCVE:CVE-2012-6619