Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2014-9650
Last Modified: 29 Jan 2015 09:59:09
Published: 27 Jan 2015 03:03:15
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9650

Summary

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Vulnerable Systems

Application

  • Pivotal Software Rabbitmq 2.1.0

  • Pivotal Software Rabbitmq 2.1.1

  • Pivotal Software Rabbitmq 2.2.0

  • Pivotal Software Rabbitmq 2.3.0

  • Pivotal Software Rabbitmq 2.3.1

  • Pivotal Software Rabbitmq 2.4.0

  • Pivotal Software Rabbitmq 2.4.1

  • Pivotal Software Rabbitmq 2.5.0

  • Pivotal Software Rabbitmq 2.5.1

  • Pivotal Software Rabbitmq 2.6.0

  • Pivotal Software Rabbitmq 2.6.1

  • Pivotal Software Rabbitmq 2.7.0

  • Pivotal Software Rabbitmq 2.7.1

  • Pivotal Software Rabbitmq 2.8.0

  • Pivotal Software Rabbitmq 2.8.1

  • Pivotal Software Rabbitmq 2.8.2

  • Pivotal Software Rabbitmq 2.8.3

  • Pivotal Software Rabbitmq 2.8.4

  • Pivotal Software Rabbitmq 2.8.5

  • Pivotal Software Rabbitmq 2.8.6

  • Pivotal Software Rabbitmq 2.8.7

  • Pivotal Software Rabbitmq 3.0.0

  • Pivotal Software Rabbitmq 3.0.1

  • Pivotal Software Rabbitmq 3.0.2

  • Pivotal Software Rabbitmq 3.0.3

  • Pivotal Software Rabbitmq 3.0.4

  • Pivotal Software Rabbitmq 3.1.0

  • Pivotal Software Rabbitmq 3.1.1

  • Pivotal Software Rabbitmq 3.1.2

  • Pivotal Software Rabbitmq 3.1.3

  • Pivotal Software Rabbitmq 3.1.4

  • Pivotal Software Rabbitmq 3.1.5

  • Pivotal Software Rabbitmq 3.2.0

  • Pivotal Software Rabbitmq 3.2.1

  • Pivotal Software Rabbitmq 3.2.2

  • Pivotal Software Rabbitmq 3.2.3

  • Pivotal Software Rabbitmq 3.2.4

  • Pivotal Software Rabbitmq 3.3.0

  • Pivotal Software Rabbitmq 3.3.1

  • Pivotal Software Rabbitmq 3.3.2

  • Pivotal Software Rabbitmq 3.3.3

  • Pivotal Software Rabbitmq 3.3.4

  • Pivotal Software Rabbitmq 3.3.5

  • Pivotal Software Rabbitmq 3.4.0


References

CONFIRM - https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs

CONFIRM - http://www.rabbitmq.com/release-notes/README-3.4.1.txt

MLIST - [oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin


Last Updated: 27 May 2016 11:07:38