CVE-2016-9877

{"id": "CVE-2016-9877", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2016-12-29T09:59:00.790", "references": [{"url": "http://www.debian.org/security/2017/dsa-3761", "source": "security_alert@emc.com"}, {"url": "http://www.securityfocus.com/bid/95065", "source": "security_alert@emc.com"}, {"url": "https://pivotal.io/security/cve-2016-9877", "tags": ["Mitigation", "Vendor Advisory"], "source": "security_alert@emc.com"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us", "source": "security_alert@emc.com"}, {"url": "http://www.debian.org/security/2017/dsa-3761", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95065", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pivotal.io/security/cve-2016-9877", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."}, {"lang": "es", "value": "Un problema fue descubierto en Pivotal RabbitMQ 3.x en versiones anteriores a 3.5.8 y 3.6.x en versiones anteriores a 3.6.6 y RabbitMQ for PCF 1.5.x en versiones anteriores a 1.5.20, 1.6.x en versiones anteriores a 1.6.12 y 1.7.x en versiones anteriores a 1.7.7. Autenticaci\u00f3n de conexi\u00f3n MQTT (MQ Telemetry Transport) con un nombre de usuario/contrase\u00f1a tiene \u00e9xito si se provee un nombre de usuario existente pero la contrase\u00f1a es omitida de la petici\u00f3n de conexi\u00f3n. Conexiones que usan TLS con un certificado provisto por el cliente no est\u00e1n afectadas."}], "lastModified": "2024-11-21T03:01:56.197", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06A7CF1B-B1AF-4875-B744-33BBC5275B4A"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "092649A0-17AA-47EE-8684-7B2B6AE19870"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E503CE6E-12B0-4307-86A8-86346E856738"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29CB62E6-AAC1-43B6-9A34-C138890F4B5E"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0D97FB5-0189-45ED-8239-0E3C238F7C96"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DF9A027-4AA8-451D-B26E-3597F8513B97"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F48BA73-6453-498F-B33F-B630791BD41D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D7AE34E-A49F-47E0-80A3-E7CA8771EE18"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B112A955-8FCC-4C17-90F2-13D7755CC397"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B8C9320-CF79-4B9A-9370-CE2EEDA848CD"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E67B22C7-BD10-481C-B686-DB626B6E6434"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B735947D-3A98-45D2-A37D-560FD387B85B"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "502AEBAA-CB1B-403A-B9F4-37FF027B892D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B9EB256-80BF-4F63-8A80-0E7643DAC91D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F666302C-7D25-4230-B835-2B8852CD53F5"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A67824-47C5-494D-B8A8-7C7EDE51F979"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6530EC3A-9B67-41F2-B450-D0A8BB744AB7"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B23B1DC5-BB23-4C29-9B03-7AF5E7A33050"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9D13DF-807D-4E22-85A3-1674DFC570E4"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9713A545-2BC0-4761-90A2-F80575A99302"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16967835-4E17-4260-B7FD-9A85B5BE43DE"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F57DA292-66F8-4BE5-AD3B-C4400D6D1A42"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "385A9C6F-7933-4681-985E-31D7CED8B0FD"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76B241B7-DE7C-4F95-A742-164020FCAED3"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09429E70-C395-4E95-9C83-5BDC8083C0AE"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9432656B-DB94-4E5F-83CB-38A9DA4FCA74"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37CD714F-30CD-4254-AF41-DEBEA9053706"}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEC4C125-7594-4960-BF88-977D3A95D6BC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1"}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*", "vulnerable": true, "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}