CVE-2014-9650

Published Jan 27, 2015
Last updated a year ago
CVSS info 5.0
Overview

Description: CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
Source: security@ubuntu.com
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/93.html" target="_blank">CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCA9250D-E56A-4456-AF66-E1B5960730D8"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DC84D99-7C05-4B3C-9E81-1F2B4605CACF"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E27D4E23-DC8F-4C28-A437-2EDB14568B09"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A70F4EE8-30B9-4341-B9B2-2BB9BC8256BB"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4126A1FD-C997-4AB7-897B-7D8816B21C15"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3BB18CD-DF57-468B-8203-0B2C202C4E42"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B635EF9-23B4-4B32-8A74-ED61AE321777"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B44AC80-3C70-478F-87D1-AE390234BEBA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72354DE3-C303-4678-B520-8CD1503BF6DD"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FAFCD9A-F22A-4B03-8645-ABB8A1F3441F"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A9AA09F-7E85-4068-ABF4-2881B56D6F37"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E3973C4-487C-4576-9BDF-05FC40382D98"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50164916-6B87-4750-9A74-7F27E447F583"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DDC91BE-4BA4-44D4-8B8A-DB3A20C5BF68"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC77081E-5553-41F8-9AF7-BB5526E0FC3A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "694F03E0-7205-4EB5-9DAD-172A6B58C9DE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96B36B27-D837-4D38-84CE-6CB7D61F9E66"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30E3EB68-8570-4EB8-8B97-F2B6D5F4005A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF40EEE5-BCDB-4EA3-AF10-863F7AA2FFA1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33500CAA-527F-4F00-94A1-006526BF976F"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74754CC6-462E-4C5D-AC38-2F04E621B25A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06A7CF1B-B1AF-4875-B744-33BBC5275B4A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "092649A0-17AA-47EE-8684-7B2B6AE19870"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E503CE6E-12B0-4307-86A8-86346E856738"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29CB62E6-AAC1-43B6-9A34-C138890F4B5E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0D97FB5-0189-45ED-8239-0E3C238F7C96"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF9A027-4AA8-451D-B26E-3597F8513B97"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F48BA73-6453-498F-B33F-B630791BD41D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D7AE34E-A49F-47E0-80A3-E7CA8771EE18"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B112A955-8FCC-4C17-90F2-13D7755CC397"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B8C9320-CF79-4B9A-9370-CE2EEDA848CD"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E67B22C7-BD10-481C-B686-DB626B6E6434"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B735947D-3A98-45D2-A37D-560FD387B85B"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "502AEBAA-CB1B-403A-B9F4-37FF027B892D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B9EB256-80BF-4F63-8A80-0E7643DAC91D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F666302C-7D25-4230-B835-2B8852CD53F5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A67824-47C5-494D-B8A8-7C7EDE51F979"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6530EC3A-9B67-41F2-B450-D0A8BB744AB7"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B23B1DC5-BB23-4C29-9B03-7AF5E7A33050"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9D13DF-807D-4E22-85A3-1674DFC570E4"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9713A545-2BC0-4761-90A2-F80575A99302"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16967835-4E17-4260-B7FD-9A85B5BE43DE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References
