Описание
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.4.2-2 |
| bionic | not-affected | 3.4.2-2 |
| cosmic | not-affected | 3.4.2-2 |
| devel | not-affected | 3.4.2-2 |
| disco | not-affected | 3.4.2-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| esm-infra/bionic | not-affected | 3.4.2-2 |
| esm-infra/xenial | not-affected | 3.4.2-2 |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1. ...
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
EPSS
5 Medium
CVSS2