Databases : MongoDB nativeHelper Denial of Service Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803951

Categoría: Databases

Título: MongoDB nativeHelper Denial of Service Vulnerability

Resumen: MongoDB is prone to a denial of service vulnerability.

Descripción: Summary:
MongoDB is prone to a denial of service vulnerability.

Vulnerability Insight:
An error exists in nativeHelper function
in SpiderMonkey which fails to validate requests properly.

Vulnerability Impact:
Successful exploitation will allow remote
authenticated users to cause a denial of service condition or execute arbitrary
code via a crafted memory address in the first argument.

Affected Software/OS:
MongoDB version before 2.0.9 and 2.2.x before 2.2.4 on Windows

Solution:
Upgrade to MongoDB 2.0.9 or 2.2.4 or 2.4.2 or later.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1892
24935
http://www.exploit-db.com/exploits/24935
24947
http://www.exploit-db.com/exploits/24947
FEDORA-2013-4531
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html
FEDORA-2013-4539
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html
RHSA-2013:1170
http://rhn.redhat.com/errata/RHSA-2013-1170.html
[oss-security] 20130325 Re: CVE Request: Mongo DB
http://www.openwall.com/lists/oss-security/2013/03/25/9
http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
http://www.mongodb.org/about/alerts/
https://jira.mongodb.org/browse/SERVER-9124

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803951
Categoría:	Databases
Título:	MongoDB nativeHelper Denial of Service Vulnerability
Resumen:	MongoDB is prone to a denial of service vulnerability.
Descripción:	Summary: MongoDB is prone to a denial of service vulnerability. Vulnerability Insight: An error exists in nativeHelper function in SpiderMonkey which fails to validate requests properly. Vulnerability Impact: Successful exploitation will allow remote authenticated users to cause a denial of service condition or execute arbitrary code via a crafted memory address in the first argument. Affected Software/OS: MongoDB version before 2.0.9 and 2.2.x before 2.2.4 on Windows Solution: Upgrade to MongoDB 2.0.9 or 2.2.4 or 2.4.2 or later. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1892 24935 http://www.exploit-db.com/exploits/24935 24947 http://www.exploit-db.com/exploits/24947 FEDORA-2013-4531 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html FEDORA-2013-4539 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html RHSA-2013:1170 http://rhn.redhat.com/errata/RHSA-2013-1170.html [oss-security] 20130325 Re: CVE Request: Mongo DB http://www.openwall.com/lists/oss-security/2013/03/25/9 http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/ http://www.mongodb.org/about/alerts/ https://jira.mongodb.org/browse/SERVER-9124
Copyright	Copyright (C) 2013 Greenbone AG