Fortinet Discovers MongoDB 'Regular Expression' Parsing Remote Denial of Service Vulnerability
Fortinet's FortiGuard Labs has discovered a remote denial of service vulnerability in MongoDB.
MongoDB is an open-source document-oriented database for multiple platforms, which provides high performance, high availability and automatic scaling. Compared with the traditional table-based relational database structure, MongoDB takes advantage of JSON-like documents with dynamic schemas, making the integration of data in certain types of applications easier and faster.
The vulnerability is caused by incorrect handling of a specially crafted regular expression string. A remote attacker who can get such a string to the regex parser can trigger a denial of service against the MongoDB server.
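The advisory does not publish the crafted pattern, and this added example does not try to reproduce it. It shows instead the application-side check a practitioner would want: the usual way an attacker's regex reaches mongod is through an application that forwards user input into a `$regex` filter. The code below (written for this page, not Fortinet's or MongoDB's code; `unsafe_regex_filter`, `safe_regex_filter`, `is_literal_pattern` and `MAX_SEARCH_LEN` are hypothetical names) contrasts the risky pattern with a hardened form that escapes the input so the server only ever receives a literal substring match, and includes a checker that confirms a pattern contains no unescaped metacharacters. It only builds the filter documents; no database connection is made.

```python
import re

# Assumption: cap the length of a user search term so even an escaped
# pattern stays small. The value is illustrative, not a MongoDB limit.
MAX_SEARCH_LEN = 128

# Regex metacharacters that, unescaped, let the caller control pattern
# structure (groups, alternation, quantifiers, classes, anchors).
_METACHARS = set(r"()[]{}?*+|^$.\\")


def unsafe_regex_filter(field: str, user_input: str) -> dict:
    """The risky pattern: user input forwarded verbatim as a regex.

    Whatever the caller types is handed to mongod's regex engine, so a
    crafted pattern from an untrusted user reaches the server as-is.
    """
    return {field: {"$regex": user_input}}


def safe_regex_filter(field: str, user_input: str) -> dict:
    """Hardened form: treat the input as a literal substring.

    re.escape() backslash-escapes every character that could act as a
    metacharacter, so the pattern sent to mongod can only match a fixed
    string, regardless of what the user typed. A length cap bounds the
    work the server is asked to do.
    """
    if len(user_input) > MAX_SEARCH_LEN:
        raise ValueError("search term too long")
    return {field: {"$regex": re.escape(user_input), "$options": "i"}}


def is_literal_pattern(pattern: str) -> bool:
    """Return True if `pattern` has no unescaped regex metacharacters.

    Walks the pattern once: a backslash consumes the next character
    (escaped, therefore literal); any bare metacharacter means the
    pattern can do more than match a fixed string.
    """
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            # Dangling backslash at end of pattern is malformed; reject.
            if i + 1 >= len(pattern):
                return False
            i += 2
            continue
        if ch in _METACHARS:
            return False
        i += 1
    return True


def demo() -> None:
    # Constructed input: a search term that is also a valid regex.
    term = "a.*(b|c)+"
    print("unsafe:", unsafe_regex_filter("name", term))
    print("safe:  ", safe_regex_filter("name", term))
    print("unsafe pattern literal?", is_literal_pattern(term))
    print("safe pattern literal?  ",
          is_literal_pattern(safe_regex_filter("name", term)["name"]["$regex"]))


if __name__ == "__main__":
    demo()
```

The escaping relies on PCRE treating a backslash followed by a non-alphanumeric character as that literal character, which matches what `re.escape()` emits; the checker is a cheap guard to place in code review or a unit test wherever a `$regex` value is assembled from external input.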
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 17, 2015
Users should apply the solution provided by MongoDB.
This vulnerability actually resides in the third-party PCRE library (http://www.pcre.org/) rather than in MongoDB's own code: the PCRE version bundled with MongoDB was released three years earlier but was still in use.
This vulnerability was discovered by Xiaopeng Zhang of Fortinet's FortiGuard Labs.