CVE-2014-9650

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-9650
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.openwall.com/lists/oss-security/2015/01/21/13 Mailing List Third Party Advisory
http://www.rabbitmq.com/release-notes/README-3.4.1.txt Vendor Advisory
http://www.securityfocus.com/bid/76091
http://rhn.redhat.com/errata/RHSA-2016-0308.html
https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:rabbitmq:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*
Information

Published : 2015-01-27 12:03

Updated : 2022-03-17 07:01

NVD link : CVE-2014-9650

Mitre link : CVE-2014-9650

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

vmware

  • rabbitmq