exploitDog

CVE-2021-22116

Published: May 13, 2021
Source: redhat
CVSS3: 5.9
EPSS: Low

Description

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

A flaw was found in rabbitmq-server, where insufficient input validation in the AMQP 1.0 client connection endpoint could allow a denial of service. The highest threat from this vulnerability is to system availability.

Report

While Red Hat OpenStack Platform ships the affected rabbitmq-server package, RabbitMQ is not exposed outside the management network. As this network is tightly-regulated to OpenStack administrators, the risk for abuse is significantly reduced. Additionally, by default the affected plugin (AMQP 1.0) is not enabled. No update will be provided at this time for the RHOSP rabbitmq-server package.

Affected packages

Platform | Package | State | Recommendation | Release
Red Hat Ansible Tower 3 | rabbitmq-server | Not affected | |
Red Hat OpenStack Platform 10 (Newton) | rabbitmq-server | Out of support scope | |
Red Hat OpenStack Platform 13 (Queens) | rabbitmq-server | Out of support scope | |
Red Hat OpenStack Platform 16 (Train) | rabbitmq-server | Will not fix | |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1961638 rabbitmq-server: improper input validation may lead to DoS

EPSS

Percentile: 77%
0.01026
Low

CVSS3

5.9 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 4 years ago

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

CVSS3: 7.5
nvd
more than 4 years ago

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

CVSS3: 7.5
debian
more than 4 years ago

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service ...

CVSS3: 7.5
github
more than 3 years ago

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.

CVSS3: 7.5
fstec
almost 5 years ago

A vulnerability in the AMQP 1.0 plugin of the RabbitMQ message broker, related to insufficient input validation, that allows an attacker to cause a denial of service
