CVE-2014-9650

{"id": "CVE-2014-9650", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-01-27T20:03:15.080", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html", "source": "security@ubuntu.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/21/13", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.securityfocus.com/bid/76091", "source": "security@ubuntu.com"}, {"url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs", "source": "security@ubuntu.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/21/13", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/76091", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en el plugin de gesti\u00f3n en RabbitMQ 2.1.0 hasta 3.4.x anterior a 3.4.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s del par\u00e1metro download en api/definitions."}], "lastModified": "2025-04-02T14:13:43.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2F0CBEC-F440-45A0-8ED3-59C38B105BCC"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68E1C34F-3CD0-40AD-83F8-4F1B941F0838"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F741941D-F4C9-4F29-ADFF-AC8A4234DFDD"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DE2226B-850C-48BF-BF22-4061EF8262D2"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED11458-F118-440F-88BE-E9EEF1231143"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B82788D-183B-4177-B802-5941EB2390D0"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D4A89FF-EEA9-4BAF-8F83-D9BCE1617544"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51C91577-54C8-42BD-A5D2-17BBFDC72C0F"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48FBD054-FEA5-4550-88CF-02C5DE814198"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D97CE3D-526F-4841-B235-03E7C91F60FA"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5F2EB8D-698A-4937-8272-035792C07E79"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE95D715-9F21-446B-8AFA-6B2CB5619DFE"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62A39BD4-AB61-44B9-B5C9-FB6536F69A44"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66E07A00-731E-4F8B-B670-347EB96F6991"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0A72AC2-F9A6-4ADF-8930-D39BA92DED89"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3753E6C4-00C7-4297-8E98-D07BE9E3AF15"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2875491-991A-4014-B99C-A042A5D870DE"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BB67C92-9D18-48C5-A6E7-1CBE9F9AD4A3"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B2AC8B6-9743-4167-AF3A-EAF5D9AE53E2"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC8A2268-4FA1-405A-9CA6-2522F5AA68CB"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6F7816-AB21-4D34-A98F-0159737329AE"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93A123A0-1EDC-4EF6-9300-A265837EC18C"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1069E3-5DAE-4B10-A18E-2FB8BE9CF8EF"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "856A46DD-B7B0-4649-9ADC-6927BDDFC2FD"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4AA3927-F1D2-472D-A505-5CED02059978"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A465750-6168-4319-866B-D844EB4C88FB"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27EDB36-9C20-471D-AFE3-36F62A2C106C"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "682BA23A-199F-4591-AD30-EF43B34C227F"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D55283F-EA8E-4D12-B49E-D5392242CCF0"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE08D41D-9782-44B1-A051-EF4BEC861C51"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA0EBB7-35CF-4C57-99E3-F5AA0F09781F"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "051E5698-D006-4BE9-9C7E-5E70654CC1E4"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D29505A-FE4D-4CC2-96EA-13439B1536D4"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B7EA539-A2AB-4FD4-8CB5-575A594437F4"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EB3E04F-7C2D-4121-94E6-09C31BA44C37"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFAC64E9-0DF2-4350-B2A9-225E841CCF74"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8691A77-2BD3-4C6B-97BA-C5904149D9DC"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B22BC770-52AF-44DD-BEC7-B989B8C08717"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1CE91D7-DA1B-4547-B903-A2536E4B3EA1"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B1078BE-B70C-4419-95AC-68ED4AC56EDE"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27719DEB-CC36-4DAB-8564-248263F48010"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7975F3B-30A9-445B-9D39-8A308670264B"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80944B21-FAC3-49A6-878F-173B5A5AD24E"}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "755456D9-7249-4092-970C-230729E2F856"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\">CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", "sourceIdentifier": "security@ubuntu.com"}