DB: MongoDB nativeHelper.apply Feature Remote Code Execution

This signature detects attempts to exploit a known vulnerability in MongoDB. A successful attack can lead to arbitrary code execution.

Extended Description

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.

Affected Products

Mongodb mongodb

References

BugTraq: 58695

CVE: CVE-2013-1892

Short Name: DB:MONGODB-NATIVEHELPER-RCE
Severity: Major
Recommended: False
Recommended Action: Drop
Category: DB
Keywords: CVE-2013-1892 Code Execution Feature MongoDB Remote bid:58695 nativeHelper.apply
Release Date: 08/20/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3571
Port: TCP/27017
False Positive: Unknown
Vendors

Mongodb

Redhat

CVSS Score

6.0
