CVE-2014-9649

{"id": "CVE-2014-9649", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-01-27T20:02:39.637", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html", "source": "security@ubuntu.com"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/21/13", "source": "security@ubuntu.com"}, {"url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", "tags": ["Vendor Advisory"], "source": "security@ubuntu.com"}, {"url": "http://www.securityfocus.com/bid/76084", "source": "security@ubuntu.com"}, {"url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs", "source": "security@ubuntu.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/21/13", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/76084", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el plugin de gesti\u00f3n en RabbitMQ 2.1.0 hasta 3.4.x anterior a 3.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la informaci\u00f3n de rutas en api/, lo que no se maneja correctamente en un mensaje de error."}], "lastModified": "2024-11-21T02:21:20.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:rabbitmq:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCA9250D-E56A-4456-AF66-E1B5960730D8"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC84D99-7C05-4B3C-9E81-1F2B4605CACF"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E27D4E23-DC8F-4C28-A437-2EDB14568B09"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A70F4EE8-30B9-4341-B9B2-2BB9BC8256BB"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4126A1FD-C997-4AB7-897B-7D8816B21C15"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BB18CD-DF57-468B-8203-0B2C202C4E42"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B635EF9-23B4-4B32-8A74-ED61AE321777"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B44AC80-3C70-478F-87D1-AE390234BEBA"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72354DE3-C303-4678-B520-8CD1503BF6DD"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FAFCD9A-F22A-4B03-8645-ABB8A1F3441F"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A9AA09F-7E85-4068-ABF4-2881B56D6F37"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E3973C4-487C-4576-9BDF-05FC40382D98"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50164916-6B87-4750-9A74-7F27E447F583"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DDC91BE-4BA4-44D4-8B8A-DB3A20C5BF68"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC77081E-5553-41F8-9AF7-BB5526E0FC3A"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "694F03E0-7205-4EB5-9DAD-172A6B58C9DE"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96B36B27-D837-4D38-84CE-6CB7D61F9E66"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30E3EB68-8570-4EB8-8B97-F2B6D5F4005A"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF40EEE5-BCDB-4EA3-AF10-863F7AA2FFA1"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33500CAA-527F-4F00-94A1-006526BF976F"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74754CC6-462E-4C5D-AC38-2F04E621B25A"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06A7CF1B-B1AF-4875-B744-33BBC5275B4A"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092649A0-17AA-47EE-8684-7B2B6AE19870"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E503CE6E-12B0-4307-86A8-86346E856738"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29CB62E6-AAC1-43B6-9A34-C138890F4B5E"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D97FB5-0189-45ED-8239-0E3C238F7C96"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DF9A027-4AA8-451D-B26E-3597F8513B97"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F48BA73-6453-498F-B33F-B630791BD41D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D7AE34E-A49F-47E0-80A3-E7CA8771EE18"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B112A955-8FCC-4C17-90F2-13D7755CC397"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B8C9320-CF79-4B9A-9370-CE2EEDA848CD"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E67B22C7-BD10-481C-B686-DB626B6E6434"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B735947D-3A98-45D2-A37D-560FD387B85B"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "502AEBAA-CB1B-403A-B9F4-37FF027B892D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B9EB256-80BF-4F63-8A80-0E7643DAC91D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F666302C-7D25-4230-B835-2B8852CD53F5"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A67824-47C5-494D-B8A8-7C7EDE51F979"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6530EC3A-9B67-41F2-B450-D0A8BB744AB7"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B23B1DC5-BB23-4C29-9B03-7AF5E7A33050"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9D13DF-807D-4E22-85A3-1674DFC570E4"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9713A545-2BC0-4761-90A2-F80575A99302"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16967835-4E17-4260-B7FD-9A85B5BE43DE"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}