CVE-2014-3971

MongoDB 2.6.x - Denial of Service via Invalid X.509 Client Certificate Authentication

Title source: llm
STIX 2.1

Description

The CmdAuthenticate::_authenticateX509 function in db/commands/authentication_commands.cpp in mongod in MongoDB 2.6.x before 2.6.2 allows remote attackers to cause a denial of service (daemon crash) by attempting authentication with an invalid X.509 client certificate.

References (2)

Core 2

Scores

EPSS 0.0146
EPSS Percentile 70.4%

Details

CWE
CWE-20
Status published
Products (2)
mongodb/mongodb 2.6.0
mongodb/mongodb 2.6.1
Published Dec 25, 2014
Tracked Since Feb 18, 2026