CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2016-0308.html | |
http://www.openwall.com/lists/oss-security/2015/01/21/13 | Mailing List Third Party Advisory |
http://www.rabbitmq.com/release-notes/README-3.4.1.txt | Vendor Advisory |
http://www.securityfocus.com/bid/76091 | |
https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-01-27 20:03
Updated : 2024-02-28 12:20
NVD link : CVE-2014-9650
Mitre link : CVE-2014-9650
CVE.ORG link : CVE-2014-9650
JSON object : View
Products Affected
vmware
- rabbitmq
CWE