Description


RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Related CPE's


Weaknesses



CWE-264

CVSS impact metrics


AV:N/AC:L/Au:N/C:N/I:P/A:N

5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2015-01-20T15:59:08.233

10 years ago

Last modified

2023-11-07T02:23:06.197

1 year ago