file-mongodb-http-interface-enabled: MongoDB HTTP Interface Enabled

日期: 2025-08-01 | 影响软件: MongoDB HTTP Interface | POC: 已公开

漏洞描述

Checks if the MongoDB HTTP interface is enabled in /etc/mongod.conf.

PoC代码[已公开]

id: file-mongodb-http-interface-enabled

info:
  name: MongoDB HTTP Interface Enabled
  author: pussycat0x
  severity: high
  description: |
    Checks if the MongoDB HTTP interface is enabled in /etc/mongod.conf.
  remediation: |
    Set 'http.enabled: false' in /etc/mongod.conf and restart MongoDB.
  reference:
    - https://wiki.devsecopsguides.com/docs/checklists/mongodb/
    - https://www.mongodb.com/docs/manual/reference/configuration-options/
  metadata:
    verified: true
  tags: mongodb,config,file,hardening

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "storage"
          - "operationProfiling"
        condition: and

      - type: word
        words:
          - "http:"
          - "enabled: true"
        condition: and
        negative: true
# digest: 490a00463044022076c30bae9d912985b3cbbeb47999bb78be1524cd88c218adc904b07a648328d902206cab1e318dfdec50a47cccd2cd4ecd104207b7afca3db3386551187e5be49517:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/mongodb/file-mongodb-http-interface-enabled.yaml