Description

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Related CPE's

a

pivotal_software

rabbitmq

Vulnerable

References

http://seclists.org/oss-sec/2015/q1/30

http://www.rabbitmq.com/release-notes/README-3.4.0.txt

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99685

https://groups.google.com/forum/#%21topic/rabbitmq-users/DMkypbSvIyM

Weaknesses

[email protected]

Primary
CWE-264

CVSS impact metrics

AV:N/AC:L/Au:N/C:N/I:P/A:N

5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2015-01-20T15:59:08.233

10 years ago

Last modified

2023-11-07T02:23:06.197

1 year ago