Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2016 Greenbone AGOPENVAS:1361412562310808149
HistoryJun 07, 2016 - 12:00 a.m.

MongoDB engine_v8 Denial of Service Vulnerability - Linux

2016-06-0700:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
14

7.8 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.6%

JSON

MongoDB is prone to a denial of service vulnerability.

# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:mongodb:mongodb";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.808149");
  script_version("2024-02-15T05:05:40+0000");
  script_cve_id("CVE-2013-3969");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"creation_date", value:"2016-06-07 10:55:52 +0530 (Tue, 07 Jun 2016)");
  script_name("MongoDB engine_v8 Denial of Service Vulnerability - Linux");

  script_tag(name:"impact", value:"Successful exploitation will allow
  remote authenticated users to cause a denial of service condition by
  dereferencing an uninitialized pointer.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"An error exists in engine_v8 which fails
  to parse certain regular expressions.");

  script_tag(name:"solution", value:"Upgrade to MongoDB version 2.4.5 or 2.5.1 or later.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"summary", value:"MongoDB is prone to a denial of service vulnerability.");

  script_tag(name:"affected", value:"MongoDB version 2.4.0 through 2.4.4 on Linux");

  script_xref(name:"URL", value:"http://www.mongodb.org/about/alerts");
  script_xref(name:"URL", value:"http://secunia.com/advisories/54170");
  script_xref(name:"URL", value:"https://jira.mongodb.org/browse/SERVER-9878");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_family("Databases");
  script_copyright("Copyright (C) 2016 Greenbone AG");
  script_dependencies("gb_mongodb_detect.nasl", "os_detection.nasl");
  script_mandatory_keys("mongodb/installed", "Host/runs_unixoide");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!port = get_app_port(cpe:CPE))
  exit(0);

if(!ver = get_app_version(cpe:CPE, port:port))
  exit(0);

if(ver =~ "^2\.4")
{
  if(version_in_range(version:ver, test_version:"2.4.0", test_version2:"2.4.4"))
  {
    report = report_fixed_ver(installed_version:ver, fixed_version:"2.4.5");
    security_message(data:report, port:port);
    exit(0);
  }
}

Related

cvelist 1
cve 2
ubuntucve 1
debiancve 1
prion 2
openvas 1
nessus 1
kitploit 1
n0where 1
cvelist
cvelist
CVE-2013-3969
2022-10-03 16:14:44
cve
cve
CVE-2013-3969
2013-10-01 20:55:00
CVE-2013-4142
2013-10-01 20:55:00
ubuntucve
ubuntucve
CVE-2013-3969
2013-10-01 00:00:00
debiancve
debiancve
CVE-2013-3969
2013-10-01 20:55:00
prion
prion
Null pointer dereference
2013-10-01 20:55:00
Design/Logic Flaw
2013-10-01 20:55:00
openvas
openvas
MongoDB engine_v8 Denial of Service Vulnerability
2013-10-07 00:00:00
nessus
nessus
MongoDB < 2.4.5 / 2.5.1 Multiple Vulnerabilities
2013-07-11 00:00:00
kitploit
kitploit
mongoaudit - A Powerful MongoDB Auditing and Pentesting Tool
2017-02-22 14:04:00
n0where
n0where
MongoDB Security Audit: mongoaudit
2017-02-16 06:05:56

7.8 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.6%

JSON
Related for OPENVAS:1361412562310808149
cvelist1cve2ubuntucve1debiancve1prion2openvas1nessus1kitploit1n0where1