CVE-2016-9877

Published Dec 29, 2016
Last updated 3 years ago
CVSS critical 9.8
Overview

Description: An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Source: security_alert@emc.com
NVD status: Modified
Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-284
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06A7CF1B-B1AF-4875-B744-33BBC5275B4A"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "092649A0-17AA-47EE-8684-7B2B6AE19870"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E503CE6E-12B0-4307-86A8-86346E856738"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29CB62E6-AAC1-43B6-9A34-C138890F4B5E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0D97FB5-0189-45ED-8239-0E3C238F7C96"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DF9A027-4AA8-451D-B26E-3597F8513B97"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F48BA73-6453-498F-B33F-B630791BD41D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D7AE34E-A49F-47E0-80A3-E7CA8771EE18"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B112A955-8FCC-4C17-90F2-13D7755CC397"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B8C9320-CF79-4B9A-9370-CE2EEDA848CD"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E67B22C7-BD10-481C-B686-DB626B6E6434"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B735947D-3A98-45D2-A37D-560FD387B85B"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "502AEBAA-CB1B-403A-B9F4-37FF027B892D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B9EB256-80BF-4F63-8A80-0E7643DAC91D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F666302C-7D25-4230-B835-2B8852CD53F5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5A67824-47C5-494D-B8A8-7C7EDE51F979"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6530EC3A-9B67-41F2-B450-D0A8BB744AB7"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B23B1DC5-BB23-4C29-9B03-7AF5E7A33050"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C9D13DF-807D-4E22-85A3-1674DFC570E4"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9713A545-2BC0-4761-90A2-F80575A99302"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16967835-4E17-4260-B7FD-9A85B5BE43DE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F57DA292-66F8-4BE5-AD3B-C4400D6D1A42"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "385A9C6F-7933-4681-985E-31D7CED8B0FD"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76B241B7-DE7C-4F95-A742-164020FCAED3"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09429E70-C395-4E95-9C83-5BDC8083C0AE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9432656B-DB94-4E5F-83CB-38A9DA4FCA74"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37CD714F-30CD-4254-AF41-DEBEA9053706"
          },
          {
            "criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEC4C125-7594-4960-BF88-977D3A95D6BC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*",
            "vulnerable": true,
            "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
