CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-3104

mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.3%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/94929
https://bugzilla.redhat.com/show_bug.cgi?id=1324496
https://jira.mongodb.org/browse/SERVER-24378
http://www.securityfocus.com/bid/94929
https://bugzilla.redhat.com/show_bug.cgi?id=1324496
https://jira.mongodb.org/browse/SERVER-24378

Products affected by CVE-2016-3104

Mongodb » Mongodb » Version: 2.4.0

cpe:2.3:a:mongodb:mongodb:2.4.0
Mongodb » Mongodb » Version: 2.6.0

cpe:2.3:a:mongodb:mongodb:2.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3104

Products

Pricing

Contact Us