Description

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Related CPE's

a

pivotal_software

rabbitmq

Vulnerable

References

http://seclists.org/oss-sec/2015/q1/30

http://www.rabbitmq.com/release-notes/README-3.4.0.txt

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99685

https://groups.google.com/forum/#%21topic/rabbitmq-users/DMkypbSvIyM

http://seclists.org/oss-sec/2015/q1/30

http://www.rabbitmq.com/release-notes/README-3.4.0.txt

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/99685

https://groups.google.com/forum/#%21topic/rabbitmq-users/DMkypbSvIyM

Weaknesses

[email protected]

Primary
CWE-264

CVSS impact metrics

AV:N/AC:L/Au:N/C:N/I:P/A:N

5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Deferred

Published

2015-01-20T14:59:08.233Z

11 years ago

Last modified

2025-04-12T08:46:40.837Z

11 months ago