CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-0308.html | |
http://www.openwall.com/lists/oss-security/2015/01/21/13 | Mailing List Third Party Advisory |
http://www.rabbitmq.com/release-notes/README-3.4.1.txt | Vendor Advisory |
http://www.securityfocus.com/bid/76091 | |
https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs |
Configurations
Configuration 1 (hide)
|
History
17 Mar 2022, 14:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pivotal_software:rabbitmq:3.2.4:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.2.2:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.3.4:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.3.3:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.3.5:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.3.2:*:*:*:*:*:*:* |
cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:* |
17 Mar 2022, 13:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:pivotal_software:rabbitmq:2.8.2:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.1.5:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.6:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.3:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.1.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.7:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.1.2:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.1.3:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.1.4:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.5:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:pivotal_software:rabbitmq:2.8.4:*:*:*:*:*:*:* |
cpe:2.3:a:vmware:rabbitmq:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.7:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:2.8.6:*:*:*:*:*:*:* cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:* |
Information
Published : 2015-01-27 20:03
Updated : 2024-02-04 18:35
NVD link : CVE-2014-9650
Mitre link : CVE-2014-9650
CVE.ORG link : CVE-2014-9650
JSON object : View
Products Affected
vmware
- rabbitmq
CWE