Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310808148HistoryJun 07, 2016 - 12:00 a.m.
MongoDB BSON Object Information Disclosure Vulnerability - Linux
2016-06-0700:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
15
7.8 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.015 Low
EPSS
Percentile
86.6%
MongoDB is prone to a denial of service vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:mongodb:mongodb";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.808148");
script_version("2024-02-15T05:05:40+0000");
script_cve_id("CVE-2012-6619");
script_tag(name:"cvss_base", value:"6.4");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:P");
script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"creation_date", value:"2016-06-07 10:46:58 +0530 (Tue, 07 Jun 2016)");
script_name("MongoDB BSON Object Information Disclosure Vulnerability - Linux");
script_tag(name:"summary", value:"MongoDB is prone to a denial of service vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"An error exists in the application which
fails to properly validate incorrect length of an BSON object.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
authenticated users to access sensitive information stored in the server process
memory.");
script_tag(name:"affected", value:"MongoDB version prior to 2.3.2 on Linux");
script_tag(name:"solution", value:"Upgrade to MongoDB version 2.3.2 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"https://jira.mongodb.org/browse/SERVER-7769");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/64687");
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_family("Databases");
script_copyright("Copyright (C) 2016 Greenbone AG");
script_dependencies("gb_mongodb_detect.nasl", "os_detection.nasl");
script_mandatory_keys("mongodb/installed", "Host/runs_unixoide");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!mbPort = get_app_port(cpe:CPE))exit(0);
if(!ver = get_app_version(cpe:CPE, port:mbPort))exit(0);
if(version_is_less(version:ver, test_version:"2.3.2"))
{
report = report_fixed_ver(installed_version:ver, fixed_version:"2.3.2");
security_message(data:report, port:mbPort);
exit(0);
}
Related
ubuntucve
ubuntucve
CVE-2012-6619
2014-03-06 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0083)
2022-01-28 00:00:00
MongoDB BSON Object Information Disclosure Vulnerability
2014-03-14 00:00:00
mageia
mageia
Updated mongodb package fixes security vulnerability
2014-02-17 22:15:16
redhat
redhat
(RHSA-2014:0230) Moderate: mongodb security update
2014-03-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:51
debiancve
debiancve
CVE-2012-6619
2014-03-06 15:55:00
nessus
nessus
MongoDB < 2.3.2 BSON Object Length Handling Memory Disclosure
2014-02-05 00:00:00
RHEL 6 : MRG (RHSA-2014:0440)
2014-07-22 00:00:00
cve
cve
CVE-2012-6619
2014-03-06 15:55:00
prion
prion
Default configuration
2014-03-06 15:55:00
n0where
n0where
MongoDB Security Audit: mongoaudit
2017-02-16 06:05:56
kitploit
kitploit
mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool
2017-02-22 14:04:00
7.8 High
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.015 Low
EPSS
Percentile
86.6%
Related for OPENVAS:1361412562310808148