CVE-2014-9650

Published Jan 27, 2015
Last updated 7 days ago
CVSS info 5.0
Overview

Description: CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
Source: security@ubuntu.com
NVD status: Deferred
Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/93.html" target="_blank">CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2F0CBEC-F440-45A0-8ED3-59C38B105BCC"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68E1C34F-3CD0-40AD-83F8-4F1B941F0838"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F741941D-F4C9-4F29-ADFF-AC8A4234DFDD"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DE2226B-850C-48BF-BF22-4061EF8262D2"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ED11458-F118-440F-88BE-E9EEF1231143"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B82788D-183B-4177-B802-5941EB2390D0"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D4A89FF-EEA9-4BAF-8F83-D9BCE1617544"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51C91577-54C8-42BD-A5D2-17BBFDC72C0F"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48FBD054-FEA5-4550-88CF-02C5DE814198"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D97CE3D-526F-4841-B235-03E7C91F60FA"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5F2EB8D-698A-4937-8272-035792C07E79"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE95D715-9F21-446B-8AFA-6B2CB5619DFE"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62A39BD4-AB61-44B9-B5C9-FB6536F69A44"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66E07A00-731E-4F8B-B670-347EB96F6991"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0A72AC2-F9A6-4ADF-8930-D39BA92DED89"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3753E6C4-00C7-4297-8E98-D07BE9E3AF15"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2875491-991A-4014-B99C-A042A5D870DE"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BB67C92-9D18-48C5-A6E7-1CBE9F9AD4A3"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B2AC8B6-9743-4167-AF3A-EAF5D9AE53E2"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC8A2268-4FA1-405A-9CA6-2522F5AA68CB"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C6F7816-AB21-4D34-A98F-0159737329AE"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93A123A0-1EDC-4EF6-9300-A265837EC18C"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC1069E3-5DAE-4B10-A18E-2FB8BE9CF8EF"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "856A46DD-B7B0-4649-9ADC-6927BDDFC2FD"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4AA3927-F1D2-472D-A505-5CED02059978"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A465750-6168-4319-866B-D844EB4C88FB"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D27EDB36-9C20-471D-AFE3-36F62A2C106C"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "682BA23A-199F-4591-AD30-EF43B34C227F"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D55283F-EA8E-4D12-B49E-D5392242CCF0"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE08D41D-9782-44B1-A051-EF4BEC861C51"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DA0EBB7-35CF-4C57-99E3-F5AA0F09781F"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "051E5698-D006-4BE9-9C7E-5E70654CC1E4"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D29505A-FE4D-4CC2-96EA-13439B1536D4"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B7EA539-A2AB-4FD4-8CB5-575A594437F4"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EB3E04F-7C2D-4121-94E6-09C31BA44C37"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFAC64E9-0DF2-4350-B2A9-225E841CCF74"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8691A77-2BD3-4C6B-97BA-C5904149D9DC"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B22BC770-52AF-44DD-BEC7-B989B8C08717"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1CE91D7-DA1B-4547-B903-A2536E4B3EA1"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B1078BE-B70C-4419-95AC-68ED4AC56EDE"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27719DEB-CC36-4DAB-8564-248263F48010"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7975F3B-30A9-445B-9D39-8A308670264B"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80944B21-FAC3-49A6-878F-173B5A5AD24E"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "755456D9-7249-4092-970C-230729E2F856"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References
