Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14268

Potential information leak

    XMLWordPrintable

    Details

    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Completed:
    • Sprint:
      Server 2.7.3, Server 2.7.4, Server 2.7.5

      Description

      Issue Status as of Aug 08, 2014

      ISSUE SUMMARY
      Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.

      USER IMPACT
      Potentially sensitive information could be disclosed from the server.

      WORKAROUNDS
      Implement MongoDB Security Best Practices and ensure access to the database server is restricted.

      AFFECTED VERSIONS
      MongoDB production releases up to 2.6.3 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.6.4 production release.

      RESOLUTION DETAILS
      The response sent by the server returns only validated data.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: