Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6619

Опубликовано: 06 мар. 2014
Источник: nvd
CVSS2: 6.4
EPSS Низкий

Описание

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Версия до 2.3.1 (включая)
cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.01265
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2012-6619

ubuntu
почти 12 лет назад

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

redhat логотип

CVE-2012-6619

redhat
около 13 лет назад

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

debian логотип

CVE-2012-6619

debian
почти 12 лет назад

The default configuration for MongoDB before 2.3.2 does not validate o ...

github логотип

GHSA-7gm2-h58c-936h

github
больше 3 лет назад

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.

EPSS

Процентиль: 79%
0.01265
Низкий

6.4 Medium

CVSS2

Дефекты

CWE-20