Core Server / SERVER-14268

Potential information leak

    • Fully Compatible
    • ALL
    • Server 2.7.3, Server 2.7.4, Server 2.7.5

      Issue Status as of Aug 08, 2014

      ISSUE SUMMARY
      Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.

      USER IMPACT
      Potentially sensitive information could be disclosed from the server.

      WORKAROUNDS
      Implement MongoDB Security Best Practices and ensure access to the database server is restricted.

      AFFECTED VERSIONS
      MongoDB production releases up to 2.6.3 are affected by this issue.

      FIX VERSION
      The fix is included in the 2.6.4 production release.

      RESOLUTION DETAILS
      The response sent by the server returns only validated data.

            Assignee: Mark Benvenuto (mark.benvenuto@mongodb.com)
            Reporter: Daniel Medina (daniel.medina, Inactive)
            Votes: 0
            Watchers: 11
