CVE-2016-9877

Опубликовано: 29 дек. 2016

Источник: ubuntu

Приоритет: high

EPSS Низкий

CVSS2: 7.5

CVSS3: 9.8

Описание

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Релиз	Статус	Примечание
devel	not-affected	3.6.6-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was released [3.2.4-1ubuntu0.1]]
esm-infra/xenial	released	3.5.7-1ubuntu0.16.04.2
precise	ignored	end of life
precise/esm	DNE	precise was needed
trusty	released	3.2.4-1ubuntu0.1
trusty/esm	DNE	trusty was released [3.2.4-1ubuntu0.1]
upstream	released	3.5.8, 3.6.6
vivid/stable-phone-overlay	DNE
vivid/ubuntu-core	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 55%

0.00329

Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2016-9877

CVSS3: 5.9

redhat

около 9 лет назад

CVE-2016-9877

CVSS3: 9.8

nvd

около 9 лет назад

CVE-2016-9877

CVSS3: 9.8

debian

около 9 лет назад

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...

openSUSE-SU-2017:0306-1

suse-cvrf

около 9 лет назад

Security update for rabbitmq-server

GHSA-fjmp-8qvg-p73x

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 55%

0.00329

Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

CVE-2016-9877

Описание

Пакет rabbitmq-server

Ссылки на источники

Связанные уязвимости