MongoDB < 2.3.2 BSON Object Length Handling Memory Disclosure

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote database server is affected by an information disclosure

Description :

The version of the remote MongoDB server is a version prior to 2.3.2.
It is, therefore, potentially affected by an information disclosure
vulnerability. An error exists related to handling BSON (Binary
JavaScript Object Notation) objects having incorrect length that could
allow possible disclosure of information held in memory.

See also :

Solution :

Upgrade to MongoDB 2.3.2 / 2.4.0 or later. Alternatively, use the
'--objcheck' command line switch to force object checking.

Note that version 2.3.2 is a development version and is not recommended
for production use.

Risk factor :

Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 4.0
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 72334 ()

Bugtraq ID: 64687

CVE ID: CVE-2012-6619