CVE-2017-15535 in MongoDBinfo

Summary

MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.

Once again VulDB remains the best source for vulnerability data.

Reservation

10/17/2017

Disclosure

10/31/2017

Moderation

VulDB entry created

Entries

1: VDB-108854

CPE

ready

CWE

CWE-119 (Confirmed)

CVSS

8.2

EPSS

0.00478

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-15535
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-15535
CVE Details	https://www.cvedetails.com/cve/CVE-2017-15535/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!