- Description
- Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 5.9
- Impact score
- 3.6
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-295
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "566164E6-65C1-4C27-99DB-16C4D0C6AB76",
            "versionEndExcluding": "1.7.10",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41A3EA77-DF58-4670-8609-C0FA7A407C6E",
            "versionEndExcluding": "2.0.6",
            "versionStartIncluding": "2.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76B96B99-977B-4EF7-B02B-C3EC596F8B33",
            "versionEndExcluding": "4.8.0"
          },
          {
            "criteria": "cpe:2.3:a:pivotal_software:rabbitmq:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "927F7576-0366-4EA6-B26E-8B4B438C1407",
            "versionEndExcluding": "5.4.0",
            "versionStartIncluding": "4.8.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]