[SERVER-17521] improve createIndex validation of empty name Created: 10/Mar/15 Updated: 07/Jun/17 Resolved: 10/Mar/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Index Maintenance |
| Affects Version/s: | 3.0.0 |
| Fix Version/s: | 3.0.1, 3.1.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Eliot Horowitz (Inactive) | Assignee: | Eliot Horowitz (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | ET, asp, asp-cve, asp-sdl-reported, asp-vuln-dos | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Backport Completed: | |||||
| Participants: | |||||
| Description |
|
Issue Status as of Mar 27, 2015 ISSUE SUMMARY When running with authentication, an attacker needs to be successfully authenticated into MongoDB and have write access to a database to be able to exploit this vulnerability. USER IMPACT WORKAROUNDS AFFECTED VERSIONS FIX VERSION RESOLUTION DETAILS ADDITIONAL INFORMATION CVE-2015-2705 has been designated for this issue. We rate this issue with a CVSS of 6.8 Users may reduce their exposure by limiting network access to the server. See the MongoDB Security documentation page for more information on recommended security practices for your MongoDB deployment. |
| Comments |
| Comment by Githook User [ 10/Mar/15 ] |
|
Author: {u'username': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'}Message: (cherry picked from commit 245ff2fcb2e01f549ae1b0e7aa0716dcdce8765d) |
| Comment by Githook User [ 10/Mar/15 ] |
|
Author: {u'username': u'erh', u'name': u'Eliot Horowitz', u'email': u'eliot@10gen.com'}Message: |