cvelistv5 - cve-2017-15535

CVE-2017-15535 (GCVE-0-2017-15535)

Vulnerability from cvelistv5 – Published: 2017-11-01 01:00 – Updated: 2024-08-05 19:57

Summary

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/101689	vdb-entryx_refsource_BID
	https://jira.mongodb.org/browse/SERVER-31273	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:57:26.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101689",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-31273"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "101689",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.mongodb.org/browse/SERVER-31273"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101689",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101689"
            },
            {
              "name": "https://jira.mongodb.org/browse/SERVER-31273",
              "refsource": "CONFIRM",
              "url": "https://jira.mongodb.org/browse/SERVER-31273"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15535",
    "datePublished": "2017-11-01T01:00:00",
    "dateReserved": "2017-10-17T00:00:00",
    "dateUpdated": "2024-08-05T19:57:26.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.4.0\", \"versionEndExcluding\": \"3.4.10\", \"matchCriteriaId\": \"BC15E8B4-0238-40AE-9BF2-C18DEB922790\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.\"}, {\"lang\": \"es\", \"value\": \"MongoDB, en versiones 3.4.x anteriores a la 3.4.10, y desarrollos 3.5.x, tiene un ajuste de configuraci\\u00f3n deshabilitado por defecto, networkMessageCompressors (tambi\\u00e9n conocido como wire protocol compression), que expone una vulnerabilidad cuando se habilita que podr\\u00eda ser explotada por atacantes maliciosos con el fin de provocar una denegaci\\u00f3n de servicio o modificar memoria.\"}]",
      "id": "CVE-2017-15535",
      "lastModified": "2024-11-21T03:14:44.250",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-11-01T01:29:00.637",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/101689\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jira.mongodb.org/browse/SERVER-31273\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/101689\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://jira.mongodb.org/browse/SERVER-31273\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-15535\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-11-01T01:29:00.637\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.\"},{\"lang\":\"es\",\"value\":\"MongoDB, en versiones 3.4.x anteriores a la 3.4.10, y desarrollos 3.5.x, tiene un ajuste de configuraci\u00f3n deshabilitado por defecto, networkMessageCompressors (tambi\u00e9n conocido como wire protocol compression), que expone una vulnerabilidad cuando se habilita que podr\u00eda ser explotada por atacantes maliciosos con el fin de provocar una denegaci\u00f3n de servicio o modificar memoria.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.10\",\"matchCriteriaId\":\"BC15E8B4-0238-40AE-9BF2-C18DEB922790\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/101689\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jira.mongodb.org/browse/SERVER-31273\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/101689\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jira.mongodb.org/browse/SERVER-31273\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2017-15535

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2017-15535

Aliases

CVE-2017-15535

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-15535",
    "description": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.",
    "id": "GSD-2017-15535",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-15535.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-15535"
      ],
      "details": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.",
      "id": "GSD-2017-15535",
      "modified": "2023-12-13T01:20:59.267131Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-15535",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "101689",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101689"
          },
          {
            "name": "https://jira.mongodb.org/browse/SERVER-31273",
            "refsource": "CONFIRM",
            "url": "https://jira.mongodb.org/browse/SERVER-31273"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.10",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15535"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.mongodb.org/browse/SERVER-31273",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://jira.mongodb.org/browse/SERVER-31273"
            },
            {
              "name": "101689",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101689"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2017-11-22T21:39Z",
      "publishedDate": "2017-11-01T01:29Z"
    }
  }
}

CERTFR-2017-AVI-386

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans MongoDB . Elle permet à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	MongoDB	N/A	MongoDB 3.5
	MongoDB	N/A	MongoDB 3.4.x versions antérieures à 3.4.10

References

Title

Publication Time

Tags

Bulletin de sécurité MongoDB du 31 octobre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MongoDB 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB 3.4.x versions ant\u00e9rieures \u00e0 3.4.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-15535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15535"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-386",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MongoDB . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans MongoDB",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB du 31 octobre 2017",
      "url": "https://jira.mongodb.org/browse/SERVER-31273"
    }
  ]
}

CERTFR-2017-AVI-386

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans MongoDB . Elle permet à un attaquant de provoquer un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	MongoDB	N/A	MongoDB 3.5
	MongoDB	N/A	MongoDB 3.4.x versions antérieures à 3.4.10

References

Title

Publication Time

Tags

Bulletin de sécurité MongoDB du 31 octobre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MongoDB 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    },
    {
      "description": "MongoDB 3.4.x versions ant\u00e9rieures \u00e0 3.4.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "MongoDB",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-15535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15535"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-386",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-11-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans MongoDB . Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans MongoDB",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MongoDB du 31 octobre 2017",
      "url": "https://jira.mongodb.org/browse/SERVER-31273"
    }
  ]
}

OPENSUSE-SU-2017:3022-1

Vulnerability from csaf_opensuse - Published: 2017-11-15 10:56 - Updated: 2017-11-15 10:56

Summary

Security update for mongodb

Notes

Title of the patch

Security update for mongodb

Description of the patch

This update for mongodb 3.4.10 fixes the following issues: Security issues fixed: - CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. (boo#1065956) Bug fixes: - See release-notes for 3.4.4 - 3.4.10 changes. * https://docs.mongodb.com/manual/release-notes/3.4-changelog/

Patchnames

openSUSE-2017-1275

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for mongodb",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for mongodb 3.4.10 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. (boo#1065956)\n\nBug fixes:\n- See release-notes for 3.4.4 - 3.4.10 changes.\n  * https://docs.mongodb.com/manual/release-notes/3.4-changelog/\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2017-1275",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_3022-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1065956",
        "url": "https://bugzilla.suse.com/1065956"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15535 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15535/"
      }
    ],
    "title": "Security update for mongodb",
    "tracking": {
      "current_release_date": "2017-11-15T10:56:14Z",
      "generator": {
        "date": "2017-11-15T10:56:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2017:3022-1",
      "initial_release_date": "2017-11-15T10:56:14Z",
      "revision_history": [
        {
          "date": "2017-11-15T10:56:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mongodb-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongoperf-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-mongoperf-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-mongoperf-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongos-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-mongos-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-mongos-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-server-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-server-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-server-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-shell-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-shell-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-shell-3.4.10-5.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mongodb-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-3.4.10-5.1.s390x",
                  "product_id": "mongodb-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongoperf-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-mongoperf-3.4.10-5.1.s390x",
                  "product_id": "mongodb-mongoperf-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongos-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-mongos-3.4.10-5.1.s390x",
                  "product_id": "mongodb-mongos-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-server-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-server-3.4.10-5.1.s390x",
                  "product_id": "mongodb-server-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-shell-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-shell-3.4.10-5.1.s390x",
                  "product_id": "mongodb-shell-3.4.10-5.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mongodb-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongoperf-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-mongoperf-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-mongoperf-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongos-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-mongos-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-mongos-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-server-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-server-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-server-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-shell-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-shell-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-shell-3.4.10-5.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12 SP2",
                "product": {
                  "name": "SUSE Package Hub 12 SP2",
                  "product_id": "SUSE Package Hub 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongoperf-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-mongoperf-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongoperf-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-mongoperf-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongoperf-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-mongoperf-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongos-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-mongos-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongos-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-mongos-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongos-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-mongos-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-server-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-server-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-server-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-server-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-server-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-server-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-shell-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-shell-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-shell-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-shell-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-shell-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-shell-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-15535",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15535"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15535",
          "url": "https://www.suse.com/security/cve/CVE-2017-15535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1065956 for CVE-2017-15535",
          "url": "https://bugzilla.suse.com/1065956"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-15T10:56:14Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2017-15535"
    }
  ]
}

OPENSUSE-SU-2017:3018-1

Vulnerability from csaf_opensuse - Published: 2017-11-15 10:56 - Updated: 2017-11-15 10:56

Summary

Security update for mongodb

Notes

Title of the patch

Security update for mongodb

Description of the patch

Patchnames

openSUSE-2017-1275

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for mongodb",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for mongodb 3.4.10 fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2017-15535: MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory. (boo#1065956)\n\nBug fixes:\n- See release-notes for 3.4.4 - 3.4.10 changes.\n  * https://docs.mongodb.com/manual/release-notes/3.4-changelog/\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2017-1275",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2017_3018-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1065956",
        "url": "https://bugzilla.suse.com/1065956"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15535 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15535/"
      }
    ],
    "title": "Security update for mongodb",
    "tracking": {
      "current_release_date": "2017-11-15T10:56:14Z",
      "generator": {
        "date": "2017-11-15T10:56:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2017:3018-1",
      "initial_release_date": "2017-11-15T10:56:14Z",
      "revision_history": [
        {
          "date": "2017-11-15T10:56:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mongodb-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongoperf-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-mongoperf-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-mongoperf-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongos-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-mongos-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-mongos-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-server-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-server-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-server-3.4.10-5.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-shell-3.4.10-5.1.aarch64",
                "product": {
                  "name": "mongodb-shell-3.4.10-5.1.aarch64",
                  "product_id": "mongodb-shell-3.4.10-5.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mongodb-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-3.4.10-5.1.s390x",
                  "product_id": "mongodb-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongoperf-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-mongoperf-3.4.10-5.1.s390x",
                  "product_id": "mongodb-mongoperf-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongos-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-mongos-3.4.10-5.1.s390x",
                  "product_id": "mongodb-mongos-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-server-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-server-3.4.10-5.1.s390x",
                  "product_id": "mongodb-server-3.4.10-5.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-shell-3.4.10-5.1.s390x",
                "product": {
                  "name": "mongodb-shell-3.4.10-5.1.s390x",
                  "product_id": "mongodb-shell-3.4.10-5.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mongodb-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongoperf-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-mongoperf-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-mongoperf-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-mongos-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-mongos-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-mongos-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-server-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-server-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-server-3.4.10-5.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mongodb-shell-3.4.10-5.1.x86_64",
                "product": {
                  "name": "mongodb-shell-3.4.10-5.1.x86_64",
                  "product_id": "mongodb-shell-3.4.10-5.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 12 SP2",
                "product": {
                  "name": "SUSE Package Hub 12 SP2",
                  "product_id": "SUSE Package Hub 12 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongoperf-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-mongoperf-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongoperf-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-mongoperf-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongoperf-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-mongoperf-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongos-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-mongos-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongos-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-mongos-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-mongos-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-mongos-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-server-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-server-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-server-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-server-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-server-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-server-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-shell-3.4.10-5.1.aarch64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64"
        },
        "product_reference": "mongodb-shell-3.4.10-5.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-shell-3.4.10-5.1.s390x as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x"
        },
        "product_reference": "mongodb-shell-3.4.10-5.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mongodb-shell-3.4.10-5.1.x86_64 as component of SUSE Package Hub 12 SP2",
          "product_id": "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
        },
        "product_reference": "mongodb-shell-3.4.10-5.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 12 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-15535",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15535"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64",
          "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64",
          "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x",
          "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15535",
          "url": "https://www.suse.com/security/cve/CVE-2017-15535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1065956 for CVE-2017-15535",
          "url": "https://bugzilla.suse.com/1065956"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongoperf-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-mongos-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-server-3.4.10-5.1.x86_64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.aarch64",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.s390x",
            "SUSE Package Hub 12 SP2:mongodb-shell-3.4.10-5.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-11-15T10:56:14Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2017-15535"
    }
  ]
}

FKIE_CVE-2017-15535

Vulnerability from fkie_nvd - Published: 2017-11-01 01:29 - Updated: 2025-04-20 01:37

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/101689	Third Party Advisory, VDB Entry
cve@mitre.org	https://jira.mongodb.org/browse/SERVER-31273	Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101689	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jira.mongodb.org/browse/SERVER-31273	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mongodb	mongodb	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC15E8B4-0238-40AE-9BF2-C18DEB922790",
              "versionEndExcluding": "3.4.10",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory."
    },
    {
      "lang": "es",
      "value": "MongoDB, en versiones 3.4.x anteriores a la 3.4.10, y desarrollos 3.5.x, tiene un ajuste de configuraci\u00f3n deshabilitado por defecto, networkMessageCompressors (tambi\u00e9n conocido como wire protocol compression), que expone una vulnerabilidad cuando se habilita que podr\u00eda ser explotada por atacantes maliciosos con el fin de provocar una denegaci\u00f3n de servicio o modificar memoria."
    }
  ],
  "id": "CVE-2017-15535",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-01T01:29:00.637",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101689"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.mongodb.org/browse/SERVER-31273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.mongodb.org/browse/SERVER-31273"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-PM5G-PW4V-3MV8

Vulnerability from github – Published: 2022-05-17 00:21 – Updated: 2022-05-17 00:21

Details

Severity ?

9.1 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-15535"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-01T01:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.",
  "id": "GHSA-pm5g-pw4v-3mv8",
  "modified": "2022-05-17T00:21:59Z",
  "published": "2022-05-17T00:21:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15535"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-31273"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101689"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-15535 (GCVE-0-2017-15535)

GSD-2017-15535

CERTFR-2017-AVI-386

Solution

CERTFR-2017-AVI-386

Solution

OPENSUSE-SU-2017:3022-1

OPENSUSE-SU-2017:3018-1

FKIE_CVE-2017-15535

GHSA-PM5G-PW4V-3MV8

Tags

Sightings

Nomenclature