CVE-2019-11287

Published: 23 Nov 2019
Source: ubuntu
Priority: low
CVSS2: 5
CVSS3: 7.5

Description

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

| Release | Status | Note |
|---|---|---|
| bionic | released | 3.6.10-1ubuntu0.5 |
| devel | not-affected | 3.8.9-1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 3.6.10-1ubuntu0.5 |
| esm-infra/focal | not-affected | 3.8.2-0ubuntu1.1 |
| esm-infra/xenial | released | 3.5.7-1ubuntu0.16.04.4+esm1 |
| focal | not-affected | 3.8.2-0ubuntu1.1 |
| groovy | not-affected | 3.8.5-1 |

CVSS2: 5 Medium

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
redhat
about 6 years ago

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

CVSS3: 7.5
nvd
about 6 years ago

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

CVSS3: 7.5
debian
about 6 years ago

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...

CVSS3: 7.5
github
more than 3 years ago

Pivotal RabbitMQ is vulnerable to a denial of service attack

CVSS3: 7.5
fstec
about 6 years ago

A vulnerability in the web management plugin of the RabbitMQ message broker, related to insufficient handling of a format string, that allows an attacker to cause a denial of service
