Fortinet Discovers MongoDB Remote Denial of Service Vulnerability II
Summary
Fortinet's FortiGuard Labs has discovered a remote denial of service vulnerability in MongoDB.
MongoDB is an open-source document-oriented database for multiple platforms, which provides high performance, high availability and automatic scaling. Compared with the traditional table-based relational database structure, MongoDB takes advantage of JSON-like documents with dynamic schemas, making the integration of data in certain types of applications easier and faster.
The vulnerability is caused by incorrect handling of a specially crafted 'createIndex' request that contains an empty name. It allows remote attackers to launch a denial of service attack.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 20, 2015
Users should apply the solution provided by MongoDB.