Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-17610

Vulnerable OpenSSL version used in Windows build

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Works as Designed
    • Affects Version/s: 3.0.1
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      Windows
    • Sprint:
      BUILD 0 3/13/15, BUILD 1 04/03/15

      Description

      I just downloaded the "win32/mongodb-win32-x86_64-2008plus-ssl-v3.0-latest.zip" from the build archive, extracted the server and started it.

      According to the log it is version "db version v3.0.1-rc1-pre-"

      In the log output I noticed the output
      "OpenSSL version: OpenSSL 0.9.8r 8 Feb 2011"

      I hope this is a joke. I just don't want to know how many known vulnerabilities are included in this version. I assume at least one will be relevant for Mongo!

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jonathan.reams Jonathan Reams
              Reporter:
              mango Jan S.
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: