Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2014-9494
Last Modified: 22 Jan 2015 10:40:37
Published: 20 Jan 2015 10:59:08
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9494

Summary

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header.

Vulnerable Systems

Application

  • Pivotal Software RabbitMQ 3.3.5


References

CONFIRM - https://groups.google.com/forum/#!topic/rabbitmq-users/DMkypbSvIyM

XF - rabbitmq-cve20149494-sec-bypass(99685)

CONFIRM - http://www.rabbitmq.com/release-notes/README-3.4.0.txt

MLIST - [oss-security] 20150103 Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server


Last Updated: 27 May 2016 11:07:36