Vulnerability Details : CVE-2013-1892
Public exploit exists!
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
Vulnerability category: Input validationExecute codeDenial of service
Threat overview for CVE-2013-1892
Top countries where our scanners detected CVE-2013-1892
Top open port discovered on systems with this issue
27017
IPs affected by CVE-2013-1892 159
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-1892!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-1892
Probability of exploitation activity in the next 30 days: 65.70%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-1892
-
MongoDB nativeHelper.apply Remote Code Execution
Disclosure Date: 2013-03-24First seen: 2020-04-26exploit/linux/misc/mongod_native_helperThis module exploits the nativeHelper feature from spiderMonkey which allows remote code execution by calling it with specially crafted arguments. This module has been tested successfully on MongoDB 2.2.3 on Ubuntu 10.04 and Debian Squeeze. Authors: - agix
CVSS scores for CVE-2013-1892
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
CWE ids for CVE-2013-1892
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1892
-
http://www.exploit-db.com/exploits/24935
MongoDB - nativeHelper.apply Remote Code Execution (Metasploit) - Linux remote Exploit
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101630.html
[SECURITY] Fedora 18 Update: mongodb-2.2.3-4.fc18
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101679.html
[SECURITY] Fedora 17 Update: mongodb-2.2.3-4.fc17
-
http://rhn.redhat.com/errata/RHSA-2013-1170.html
RHSA-2013:1170 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
http://www.mongodb.org/about/alerts/
MongoDB Alerts | MongoDBVendor Advisory
-
http://www.exploit-db.com/exploits/24947
MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution - Linux remote Exploit
-
http://www.openwall.com/lists/oss-security/2013/03/25/9
oss-security - Re: CVE Request: Mongo DB
-
https://jira.mongodb.org/browse/SERVER-9124
[SERVER-9124] Avoid raw pointers for SM's nativeHelper - MongoDB
-
http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/
mongodb – SSJI to RCE – Sec Team BlogExploit
Products affected by CVE-2013-1892
- cpe:2.3:o:redhat:enterprise_mrg:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*