Description

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

Remediation

References

CVE-2014-3971

Related Vulnerabilities

WordPress Plugin IMPress for IDX Broker Multiple Vulnerabilities (2.6.1)

ReviveAdserver Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-52664)

YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)

WordPress Plugin WP Google Maps Cross-Site Scripting (7.11.34)

Apache HTTP Server Interpretation Conflict Vulnerability (CVE-2022-37436)

Severity

Medium

Classification

CVE-2014-3971 CWE-20

Tags

Missing Update Known Vulnerabilities