  1. Core Server
  2. SERVER-14268

Potential information leak

Details

    • Fully Compatible
    • ALL
    • Server 2.7.3, Server 2.7.4, Server 2.7.5

    Description

      Issue Status as of Aug 08, 2014

      ISSUE SUMMARY
      Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.

      USER IMPACT
      Potentially sensitive information could be disclosed from the server.

      WORKAROUNDS
      Implement MongoDB Security Best Practices and ensure access to the database server is restricted.

      AFFECTED VERSIONS
      MongoDB production releases up to 2.6.3 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.6.4 production release.

      RESOLUTION DETAILS
      The response sent by the server returns only validated data.

          People

            mark.benvenuto@mongodb.com Mark Benvenuto
            daniel.medina Daniel Medina (Inactive)