Description

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Related CPE's

a

vmware

rabbitmq

44

References

http://rhn.redhat.com/errata/RHSA-2016-0308.html

http://www.openwall.com/lists/oss-security/2015/01/21/13

Mailing ListThird Party Advisory

http://www.rabbitmq.com/release-notes/README-3.4.1.txt

Vendor Advisory

http://www.securityfocus.com/bid/76091

https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs

Weaknesses

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

AV:N/AC:L/Au:N/C:N/I:P/A:N

5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2015-01-27T20:03:15.080

10 years ago

Last modified

2023-11-07T02:23:09.237

1 year ago