Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-9650

Опубликовано: 27 янв. 2015
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Комментарий

CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:rabbitmq_server:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.0032
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2014-9650

ubuntu
около 11 лет назад

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

redhat логотип

CVE-2014-9650

redhat
больше 11 лет назад

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

debian логотип

CVE-2014-9650

debian
около 11 лет назад

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...

github логотип

GHSA-7vh8-m3cm-3hh4

github
больше 3 лет назад

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

EPSS

Процентиль: 55%
0.0032
Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other