[Forgot Password]
Login  Register Subscribe

26408

 
 

132812

 
 

151495

 
 

909

 
 

120991

 
 

163

Paid content will be excluded from the download.


Download | Alert*
OVAL

Improper input validation vulnerability in MongoDB - CVE-2019-2389

ID: oval:org.secpod.oval:def:60417Date: (C)2020-01-03   (M)2020-10-08
Class: VULNERABILITYFamily: windows




The host is installed with MongoDB 4.0 before 4.0.11, 3.6 before 3.6.14 or 3.4 before 3.4.22 and is prone to an improper input vulnerability. A flaw is present in the application which fails to handle SysV init scripts. Successful exploitation allows an attacker to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init.

Platform:
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows 7
Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Product:
MongoDB
Reference:
CVE-2019-2389
CVE    1
CVE-2019-2389
CPE    1
cpe:/a:mongodb:mongodb

© SecPod Technologies