Description


CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Related CPEs


a

broadcom

rabbitmq_server

44

Weaknesses



NVD-CWE-Other

CVSS impact metrics


AV:N/AC:L/Au:N/C:N/I:P/A:N

5 · Medium

Information


Source identifier

[email protected]

Vulnerability status

Deferred

Published

2015-01-27T19:03:15.080Z

Last modified

2025-04-12T08:46:40.837Z