MongoDB NativeHelper Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running MongoDB and is prone to a denial of service vulnerability.

Impact

Successful exploitation will allow remote authenticated users to cause a denial of service condition or execute arbitrary code via a crafted memory address in the first argument. Impact Level: System/Application

Solution

Upgrade to MongoDB version 2.0.9 or 2.2.4 or 2.4.2 or later, For updates refer to http://www.mongodb.org

Insight

An error exists in nativeHelper function in SpiderMonkey which fails to validate requests properly.

Affected

MongoDB version before 2.0.9 and 2.2.x before 2.2.4

Detection

Get the installed version of MongoDB with the help of detect NVT and check the version is vulnerable or not.

References

http://www.mongodb.org/about/alerts
http://www.osvdb.com/91632
https://jira.mongodb.org/browse/SERVER-9124

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1892
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P

Related Vulnerabilities

IBM DB2 Chaining Functionality DRDA Module DoS Vulnerability
IBM DB2 Multiple Security Bypass Vulnerabilities (May-11)
PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
MySQL Denial of Service (infinite loop) Vulnerabilities

MongoDB nativeHelper Denial of Service Vulnerability

Take action and discover your vulnerabilities