CVE-2014-9494

Опубликовано: 15 окт. 2014

Источник: redhat

CVSS2: 3.6

Описание

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)	rabbitmq-server	Not affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)	rabbitmq-server	Fix deferred

Показывать по

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1174872rabbitmq-server: insufficient 'X-Forwarded-For' header validation

3.6 Low

CVSS2

CVE-2014-9494

ubuntu

около 11 лет назад

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

CVE-2014-9494

nvd

около 11 лет назад

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

CVE-2014-9494

debian

около 11 лет назад

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_u ...

GHSA-rgxx-9mfj-x5rf

github

больше 3 лет назад

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

3.6 Low

CVSS2