Fortinet Discovers MongoDB 'Regular Expression' Parsing Remote Denial of Service Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a remote denial of service vulnerability in MongoDB.
MongoDB is an open-source document-oriented database for multiple platforms, which provides high performance, high availability and automatic scaling. Compared with the traditional table-based relational database structure, MongoDB takes advantage of JSON-like documents with dynamic schemas, making the integration of data in certain types of applications easier and faster.
The vulnerability is caused by incorrect handling of a specially crafted regex string. It allows remote attackers to launch a denial of service attack.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 18, 2015
Users should apply the solution provided by MongoDB.