Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8786

Опубликовано: 29 дек. 2015
Источник: redhat
CVSS3: 6.5
CVSS2: 6.3

Описание

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 10 (Newton)rabbitmq-serverNot affected
Red Hat OpenStack Platform 11 (Ocata)rabbitmq-serverNot affected
Red Hat OpenStack Platform 9 (Mitaka)rabbitmq-serverNot affected
Red Hat Storage Console 2rabbitmq-serverWill not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6rabbitmq-serverFixedRHSA-2017:053315.03.2017
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7rabbitmq-serverFixedRHSA-2017:053215.03.2017
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7rabbitmq-serverFixedRHSA-2017:053115.03.2017
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7rabbitmq-serverFixedRHSA-2017:053015.03.2017
Red Hat OpenStack Platform 8.0 (Liberty)rabbitmq-serverFixedRHSA-2017:022601.02.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1404150rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin

6.5 Medium

CVSS3

6.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8786

CVSS3: 6.5
ubuntu
около 9 лет назад

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

nvd логотип

CVE-2015-8786

CVSS3: 6.5
nvd
около 9 лет назад

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

debian логотип

CVE-2015-8786

CVSS3: 6.5
debian
около 9 лет назад

The Management plugin in RabbitMQ before 3.6.1 allows remote authentic ...

github логотип

GHSA-c22c-f732-2pwg

CVSS3: 6.5
github
больше 3 лет назад

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

6.5 Medium

CVSS3

6.3 Medium

CVSS2