6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
mongodb is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer overread.
blog.ptsecurity.com/2012/11/attacking-mongodb.html
rhn.redhat.com/errata/RHSA-2014-0230.html
rhn.redhat.com/errata/RHSA-2014-0440.html
www.openwall.com/lists/oss-security/2014/01/07/13
www.openwall.com/lists/oss-security/2014/01/07/2
www.openwall.com/lists/oss-security/2014/01/08/9
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1049748
jira.mongodb.org/browse/SERVER-7769
rhn.redhat.com/errata/RHSA-2014-0230.html