Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-9877

Опубликовано: 29 дек. 2016
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*
cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*

EPSS

Процентиль: 55%
0.00329
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284

Связанные уязвимости

ubuntu логотип

CVE-2016-9877

CVSS3: 9.8
ubuntu
около 9 лет назад

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

redhat логотип

CVE-2016-9877

CVSS3: 5.9
redhat
около 9 лет назад

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

debian логотип

CVE-2016-9877

CVSS3: 9.8
debian
около 9 лет назад

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...

suse-cvrf логотип

openSUSE-SU-2017:0306-1

suse-cvrf
около 9 лет назад

Security update for rabbitmq-server

github логотип

GHSA-fjmp-8qvg-p73x

CVSS3: 9.8
github
больше 3 лет назад

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

EPSS

Процентиль: 55%
0.00329
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-284