PT-2017-14091 · Mongodb · Mongodb

Publicado

2017-11-01

Atualizado

2017-11-22

CVE-2017-15535

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions MongoDB versions 3.4.x through 3.4.9 MongoDB versions 3.5.x-development

Description The issue is related to a configuration setting, networkMessageCompressors, which is disabled by default. When enabled, it exposes a potential problem that could be exploited by a malicious attacker to deny service or modify memory.

Recommendations For MongoDB versions 3.4.x through 3.4.9, consider disabling the networkMessageCompressors setting to prevent potential exploitation. For MongoDB versions 3.5.x-development, avoid using the networkMessageCompressors setting until a fix is available. As a temporary workaround, consider disabling the networkMessageCompressors setting for all affected versions until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2017-15535

OPENSUSE-SU-2017:3018-1

OPENSUSE-SU-2017:3022-1

Produtos afetados

Mongodb

PT-2017-14091 · Mongodb · Mongodb

CVE-2017-15535

Identificadores relacionados

Produtos afetados

Referências · 12