CVE-2016-10572
First published: Thu May 31 2018(Updated: )
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MongoDB | <0.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-10572?
The severity of CVE-2016-10572 is classified as moderate due to the potential for remote code execution.
How do I fix CVE-2016-10572?
To fix CVE-2016-10572, upgrade to a version of mongodb-instance greater than 0.0.3.
What type of attack does CVE-2016-10572 vulnerability expose systems to?
CVE-2016-10572 exposes systems to man-in-the-middle (MITM) attacks leading to potential remote code execution.
Which versions of mongodb-instance are affected by CVE-2016-10572?
Versions of mongodb-instance before 0.0.3 are affected by CVE-2016-10572.
Can CVE-2016-10572 be exploited without user interaction?
Yes, CVE-2016-10572 can be exploited without user interaction if the vulnerable software is in use.
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mongodb-instance project
- canonical/mongodb