mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-04 09:43:40 +08:00
36 lines
1.0 KiB
YAML
36 lines
1.0 KiB
YAML
id: file-mongodb-http-interface-enabled
|
|
|
|
info:
|
|
name: MongoDB HTTP Interface Enabled
|
|
author: pussycat0x
|
|
severity: high
|
|
description: |
|
|
Checks if the MongoDB HTTP interface is enabled in /etc/mongod.conf.
|
|
remediation: |
|
|
Set 'http.enabled: false' in /etc/mongod.conf and restart MongoDB.
|
|
reference:
|
|
- https://wiki.devsecopsguides.com/docs/checklists/mongodb/
|
|
- https://www.mongodb.com/docs/manual/reference/configuration-options/
|
|
metadata:
|
|
verified: true
|
|
tags: mongodb,config,file,hardening
|
|
|
|
file:
|
|
- extensions:
|
|
- conf
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "storage"
|
|
- "operationProfiling"
|
|
condition: and
|
|
|
|
- type: word
|
|
words:
|
|
- "http:"
|
|
- "enabled: true"
|
|
condition: and
|
|
negative: true
|
|
# digest: 490a00463044022076c30bae9d912985b3cbbeb47999bb78be1524cd88c218adc904b07a648328d902206cab1e318dfdec50a47cccd2cd4ecd104207b7afca3db3386551187e5be49517:922c64590222798bb761d5b6d8e72950 |