CVE-2014-3971 - OpenCVE

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mongodb	Mongodb

Configuration 1 [-]

OR	cpe:2.3:a:mongodb:mongodb:2.6.0:::::::*
	cpe:2.3:a:mongodb:mongodb:2.6.1:::::::*

References

Link	Resource
https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b
https://jira.mongodb.org/browse/SERVER-13753	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-25T11:00:00

Updated: 2014-12-25T06:57:01

Reserved: 2014-06-04T00:00:00

Link: CVE-2014-3971

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-12-25T11:59:00.037

Modified: 2014-12-29T16:47:41.450

Link: CVE-2014-3971

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-29T00:00:00", "descriptions": [{"lang": "en", "value": "The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-25T06:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.mongodb.org/browse/SERVER-13753"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3971", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b", "refsource": "CONFIRM", "url": "https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b"}, {"name": "https://jira.mongodb.org/browse/SERVER-13753", "refsource": "CONFIRM", "url": "https://jira.mongodb.org/browse/SERVER-13753"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3971", "datePublished": "2014-12-25T11:00:00", "dateReserved": "2014-06-04T00:00:00", "dateUpdated": "2014-12-25T06:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}