| VID | 25317 |
| Severity | 30 |
| Port | 27017 |
| Protocol | TCP |
| Class | DB |
| Detailed Description | The version of the remote MongoDB server is 2.4 or 2.6. It is, therefore, affected by a denial of service vulnerability in mongod. A remote, unauthenticated attacker can exploit this by authenticating against a non-existent database to cause memory exhaustion, denying service to legitimate users. References: https://jira.mongodb.org/browse/SERVER-24378. Platforms Affected: MongoDB 2.4 or 2.6; any operating system, any version. |
| Recommendation | Upgrade to the latest version of MongoDB (2.7 or later), available from the MongoDB Web page at https://www.mongodb.com/download-center/community |
| Related URL | CVE-2016-3104 (CVE) |
| Related URL | 94929 (SecurityFocus) |
| Related URL | (ISS) |