CVE-2015-1609

Published Mar 30, 2015

Last updated 3 months ago

CVSS info 5.0

Overview

Description: MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCE4594D-0D87-486C-A2C8-97D5378B9347",
            "versionEndIncluding": "2.4.12"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E60BA295-06A2-418F-9FBC-C8DBB42AA044"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B21D4014-E2DB-4C9C-9491-B77BDA243DCE"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F742DADE-2B37-47F7-A9E3-4A887710745D"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4F4F4E4-2B19-4B39-AB83-94036A724E53"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E081EE70-D8CA-4BA9-9322-B7AAB5D81577"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5EE4A696-C8F8-45A8-BD8E-EE641A94D77A"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13CBC60C-9F7E-4635-95EC-46142470CB76"
          },
          {
            "criteria": "cpe:2.3:a:mongodb:mongodb:2.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "170A26F4-4FE8-476B-A947-940D1CAAB0A6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References