ID CVE-2017-15535
Summary MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
References
Vulnerable Configurations
  • MongoDB 3.4.0
    cpe:2.3:a:mongodb:mongodb:3.4.0
  • MongoDB 3.4.1
    cpe:2.3:a:mongodb:mongodb:3.4.1
  • MongoDB 3.4.2
    cpe:2.3:a:mongodb:mongodb:3.4.2
  • MongoDB 3.4.3
    cpe:2.3:a:mongodb:mongodb:3.4.3
  • MongoDB 3.4.4
    cpe:2.3:a:mongodb:mongodb:3.4.4
  • MongoDB 3.4.5
    cpe:2.3:a:mongodb:mongodb:3.4.5
  • MongoDB 3.4.6
    cpe:2.3:a:mongodb:mongodb:3.4.6
  • MongoDB 3.4.7
    cpe:2.3:a:mongodb:mongodb:3.4.7
  • MongoDB 3.4.9
    cpe:2.3:a:mongodb:mongodb:3.4.9
CVSS
Base: 6.4
Impact:
Exploitability:
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-1275.NASL
    description This update for mongodb 3.4.10 fixes the following issues: Security issues fixed: - CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. (boo#1065956) Bug fixes: - See release-notes for 3.4.4 - 3.4.10 changes. - https://docs.mongodb.com/manual/release-notes/3.4-changelog/
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 104614
    published 2017-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104614
    title openSUSE Security Update : mongodb (openSUSE-2017-1275)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0052.NASL
    description An update of [rsync,python2,procmail,libvirt,linux,mongodb,openssh,binutils,glibc] packages for photonOS has been released.
    last seen 2018-09-02
    modified 2018-08-17
    plugin id 111901
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111901
    title Photon OS 1.0: Binutils / Glibc / Linux / Mongodb / Openssh / Procmail / Python2 / Rsync PHSA-2017-0052
refmap via4
bid 101689
confirm https://jira.mongodb.org/browse/SERVER-31273
Last major update 31-10-2017 - 21:29
Published 31-10-2017 - 21:29
Last modified 22-11-2017 - 16:39