CVE-2014-9650

Опубликовано: 29 окт. 2014

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenStack Platform 8 (Liberty)	rabbitmq-server	Affected
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6	rabbitmq-server	Fixed	RHSA-2016:0368	08.03.2016
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7	rabbitmq-server	Fixed	RHSA-2016:0369	08.03.2016
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7	rabbitmq-server	Fixed	RHSA-2016:0308	29.02.2016
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7	rabbitmq-server	Fixed	RHSA-2016:0367	08.03.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-113

https://bugzilla.redhat.com/show_bug.cgi?id=1185515RabbitMQ: /api/definitions response splitting vulnerability

EPSS

Процентиль: 55%

0.0032

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2014-9650

ubuntu

около 11 лет назад

CVE-2014-9650

nvd

около 11 лет назад

CVE-2014-9650

debian

около 11 лет назад

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...

GHSA-7vh8-m3cm-3hh4

github

больше 3 лет назад

EPSS

Процентиль: 55%

0.0032

Низкий

4.3 Medium

CVSS2