

VAR-201706-0534

Vulnerability from variot - Updated: 2025-04-20 22:29

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. The RabbitMQ management UI stores signed-in user credentials in the browser's local storage without expiration, making it possible to retrieve them using a chained attack. Pivotal RabbitMQ contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Pivotal RabbitMQ products are prone to a local information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.

==========================================================================
Ubuntu Security Notice USN-6265-1
July 31, 2023

rabbitmq-server vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

RabbitMQ could be made to expose sensitive information.

Software Description: - rabbitmq-server: AMQP server written in Erlang

Details:

It was discovered that RabbitMQ incorrectly handled certain signed-in user credentials.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro): rabbitmq-server 3.5.7-1ubuntu0.16.04.4+esm2

In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-6265-1 CVE-2017-4966


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0534",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.7.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.7.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.7.13"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.7.10"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.5.10"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.6.16"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.7.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.5.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.7.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "pivotal",
        "version": "3.6.6"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.0"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.3"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.6"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.13"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.12"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.6.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.19"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.0"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.14"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.5.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.14"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.5.7"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.11"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.15"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.5.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.17"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.10"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.15"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.14"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.18"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.12"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.5"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.4"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.13"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.1"
      },
      {
        "model": "rabbitmq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "1.7.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.4.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "for pcf 1.6.18"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "for pcf 1.5.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.5.x"
      },
      {
        "model": "rabbitmq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.6.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "for pcf 1.7.15"
      },
      {
        "model": "rabbitmq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "1.6.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.6.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "3.4.1"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.7"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.12"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.4"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.3"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.2"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.1"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.5.20"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.5.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.4"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.7.15"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.18"
      },
      {
        "model": "rabbitmq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.6.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:pivotal_software:rabbitmq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE Digital Security Team.",
    "sources": [
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-4966",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-4966",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-4966",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-4966",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-4966",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-4966",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-1249",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-4966",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser\u0027s local storage without expiration, making it possible to retrieve them using a chained attack. Pivotal RabbitMQ Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Pivotal RabbitMQ Products are prone to  local information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. ==========================================================================\nUbuntu Security Notice USN-6265-1\nJuly 31, 2023\n\nrabbitmq-server vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS (Available with Ubuntu Pro)\n\nSummary:\n\nRabbitMQ could be made to expose sensitive information. \n\nSoftware Description:\n- rabbitmq-server: AMQP server written in Erlang\n\nDetails:\n\nIt was discovered that RabbitMQ incorrectly handled certain signed-in user\ncredentials. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS (Available with Ubuntu Pro):\n  rabbitmq-server                 3.5.7-1ubuntu0.16.04.4+esm2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-6265-1\n  CVE-2017-4966\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "db": "PACKETSTORM",
        "id": "173857"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-4966",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2432",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "98405",
        "trust": 0.4
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-4966",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "173857",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "PACKETSTORM",
        "id": "173857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "id": "VAR-201706-0534",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2025-04-20T22:29:14.391000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-4966: RabbitMQ local storage of credentials",
        "trust": 0.8,
        "url": "https://pivotal.io/security/cve-2017-4966"
      },
      {
        "title": "Pivotal RabbitMQ  and RabbitMQ for PCF Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70584"
      },
      {
        "title": "Red Hat: CVE-2017-4966",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-4966"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2017-4965 CVE-2017-4966 CVE-2017-4967",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6b6ae5ada791d0845be3b03f58e84470"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-4966"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://pivotal.io/security/cve-2017-4966"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-4966"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-4966"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2432"
      },
      {
        "trust": 0.3,
        "url": "http://pivotal.io/"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/98405"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-4966"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-6265-1"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "PACKETSTORM",
        "id": "173857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "db": "PACKETSTORM",
        "id": "173857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "date": "2017-05-04T00:00:00",
        "db": "BID",
        "id": "98405"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "date": "2023-08-01T16:34:49",
        "db": "PACKETSTORM",
        "id": "173857"
      },
      {
        "date": "2017-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "date": "2017-06-13T06:29:00.503000",
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-4966"
      },
      {
        "date": "2017-05-23T16:25:00",
        "db": "BID",
        "id": "98405"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      },
      {
        "date": "2022-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-4966"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "98405"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pivotal RabbitMQ Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004862"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1249"
      }
    ],
    "trust": 0.6
  }
}

VAR-201706-0533

Vulnerability from variot - Updated: 2025-04-20 20:10

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. Pivotal RabbitMQ contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Pivotal RabbitMQ products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0533",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "pivotal",
        "version": "3.6.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.5.19"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.5.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.6.15"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "pivotal",
        "version": "1.5.3"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.0"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.3"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.6"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.13"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.12"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.6.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.9"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.0"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.14"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.5.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.10"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.14"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.5.7"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.10"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.11"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.5.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.17"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.4"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.10"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.15"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.14"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.13"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.18"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.5.12"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.5"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.5.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.4"
      },
      {
        "model": "rabbitmq server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "3.4.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.13"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.8"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.0"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.7.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "3.6.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "pivotal",
        "version": "1.6.16"
      },
      {
        "model": "rabbitmq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "1.7.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.4.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "for pcf 1.6.18"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "for pcf 1.5.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.5.x"
      },
      {
        "model": "rabbitmq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.6.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "for pcf 1.7.15"
      },
      {
        "model": "rabbitmq",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "1.6.x"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "pivotal",
        "version": "3.6.9"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "3.4.3"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "3.6.7"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "3.4.1"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "3.4.2"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "pivotal",
        "version": "3.4.0"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.7.7"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.7"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.12"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.4"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.3"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.2"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.1"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.5.20"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.6"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.5"
      },
      {
        "model": "rabbitmq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.4"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.7.15"
      },
      {
        "model": "rabbitmq for pcf",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "1.6.18"
      },
      {
        "model": "rabbitmq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pivotal",
        "version": "3.6.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:pivotal_software:rabbitmq",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE Digital Security Team and by Brandon Williams from Early Warning.",
    "sources": [
      {
        "db": "BID",
        "id": "98394"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-4965",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-4965",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-4965",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-4965",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-4965",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-4965",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-1213",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-4965",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. Pivotal RabbitMQ contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Pivotal RabbitMQ products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "BID",
        "id": "98394"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-4965"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-4965",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98394",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2432",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-4965",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "db": "BID",
        "id": "98394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "id": "VAR-201706-0533",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.625
  },
  "last_update_date": "2025-04-20T20:10:58.079000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-4965 and CVE-2017-4967: XSS vulnerabilities in RabbitMQ management UI",
        "trust": 0.8,
        "url": "https://pivotal.io/security/cve-2017-4965"
      },
      {
        "title": "Pivotal RabbitMQ  and Pivotal RabbitMQ for PCF Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70557"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2017-4965 CVE-2017-4966 CVE-2017-4967",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6b6ae5ada791d0845be3b03f58e84470"
      },
      {
        "title": "Red Hat: CVE-2017-4965",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2017-4965"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2017-4965"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a31bff03e9909229fd67996884614fdf"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://pivotal.io/security/cve-2017-4965"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/98394"
      },
      {
        "trust": 1.6,
        "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-4965"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-4965"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2432"
      },
      {
        "trust": 0.3,
        "url": "http://pivotal.io/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863586"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2017-4965"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "db": "BID",
        "id": "98394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "db": "BID",
        "id": "98394"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "BID",
        "id": "98394"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "date": "2017-06-13T06:29:00.457000",
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-4965"
      },
      {
        "date": "2017-05-23T16:24:00",
        "db": "BID",
        "id": "98394"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      },
      {
        "date": "2022-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2017-4965"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pivotal RabbitMQ Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004861"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1213"
      }
    ],
    "trust": 0.6
  }
}

CVE-2019-11281 (GCVE-0-2019-11281)

Vulnerability from nvd – Published: 2019-10-16 15:23 – Updated: 2024-09-16 19:05
Title
RabbitMQ XSS attack
Summary
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
CWE
  • CWE-79 - Cross-site Scripting (XSS) - Generic
Assigner
References
Impacted products
Vendor Product Version
Pivotal RabbitMQ Affected: prior to v3.7.18
    Pivotal RabbitMQ for PCF Affected: 1.15.x prior to 1.15.13
Affected: 11.16.x prior to 1.16.6
Affected: 1.17.x prior to 1.17.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-11281"
          },
          {
            "name": "FEDORA-2019-6497f51791",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
          },
          {
            "name": "FEDORA-2019-74d2feb5be",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
          },
          {
            "name": "RHSA-2020:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0078"
          },
          {
            "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RabbitMQ",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v3.7.18"
            }
          ]
        },
        {
          "product": "RabbitMQ for PCF",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "1.15.x prior to 1.15.13"
            },
            {
              "status": "affected",
              "version": "11.16.x prior to 1.16.6"
            },
            {
              "status": "affected",
              "version": "1.17.x prior to 1.17.3"
            }
          ]
        }
      ],
      "datePublic": "2019-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Cross-site Scripting (XSS) - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T19:06:24",
        "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "shortName": "pivotal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2019-11281"
        },
        {
          "name": "FEDORA-2019-6497f51791",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
        },
        {
          "name": "FEDORA-2019-74d2feb5be",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
        },
        {
          "name": "RHSA-2020:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0078"
        },
        {
          "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RabbitMQ XSS attack",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "DATE_PUBLIC": "2019-10-15T20:59:25.000Z",
          "ID": "CVE-2019-11281",
          "STATE": "PUBLIC",
          "TITLE": "RabbitMQ XSS attack"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RabbitMQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v3.7.18"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RabbitMQ for PCF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.15.x prior to 1.15.13"
                          },
                          {
                            "version_value": "11.16.x prior to 1.16.6"
                          },
                          {
                            "version_value": "1.17.x prior to 1.17.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Cross-site Scripting (XSS) - Generic"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2019-11281",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2019-11281"
            },
            {
              "name": "FEDORA-2019-6497f51791",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
            },
            {
              "name": "FEDORA-2019-74d2feb5be",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
            },
            {
              "name": "RHSA-2020:0078",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0078"
            },
            {
              "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
    "assignerShortName": "pivotal",
    "cveId": "CVE-2019-11281",
    "datePublished": "2019-10-16T15:23:47.309415Z",
    "dateReserved": "2019-04-18T00:00:00",
    "dateUpdated": "2024-09-16T19:05:38.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1279 (GCVE-0-2018-1279)

Vulnerability from nvd – Published: 2018-12-10 19:00 – Updated: 2024-09-17 00:37
Title
RabbitMQ cluster compromise due to deterministically generated cookie
Summary
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.
CWE
  • Use of Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Pivotal RabbitMq for PCF Affected: 1 , < all versions* (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:37.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1279"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RabbitMq for PCF",
          "vendor": "Pivotal",
          "versions": [
            {
              "lessThan": "all versions*",
              "status": "affected",
              "version": "1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Insufficiently Random Values",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-10T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1279"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RabbitMQ cluster compromise due to deterministically generated cookie",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-12-05T00:00:00.000Z",
          "ID": "CVE-2018-1279",
          "STATE": "PUBLIC",
          "TITLE": "RabbitMQ cluster compromise due to deterministically generated cookie"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RabbitMq for PCF",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e",
                            "version_affected": "\u003e",
                            "version_name": "all versions",
                            "version_value": "1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of Insufficiently Random Values"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2018-1279",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1279"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1279",
    "datePublished": "2018-12-10T19:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:37:15.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-11281 (GCVE-0-2019-11281)

Vulnerability from cvelistv5 – Published: 2019-10-16 15:23 – Updated: 2024-09-16 19:05
Title
RabbitMQ XSS attack
Summary
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information.
CWE
  • CWE-79 - Cross-site Scripting (XSS) - Generic
Assigner
References
Impacted products
Vendor Product Version
Pivotal RabbitMQ Affected: prior to v3.7.18
    Pivotal RabbitMQ for PCF Affected: 1.15.x prior to 1.15.13
Affected: 11.16.x prior to 1.16.6
Affected: 1.17.x prior to 1.17.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.216Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2019-11281"
          },
          {
            "name": "FEDORA-2019-6497f51791",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
          },
          {
            "name": "FEDORA-2019-74d2feb5be",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
          },
          {
            "name": "RHSA-2020:0078",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0078"
          },
          {
            "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RabbitMQ",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "prior to v3.7.18"
            }
          ]
        },
        {
          "product": "RabbitMQ for PCF",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "1.15.x prior to 1.15.13"
            },
            {
              "status": "affected",
              "version": "11.16.x prior to 1.16.6"
            },
            {
              "status": "affected",
              "version": "1.17.x prior to 1.17.3"
            }
          ]
        }
      ],
      "datePublic": "2019-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Cross-site Scripting (XSS) - Generic",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T19:06:24",
        "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "shortName": "pivotal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2019-11281"
        },
        {
          "name": "FEDORA-2019-6497f51791",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
        },
        {
          "name": "FEDORA-2019-74d2feb5be",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
        },
        {
          "name": "RHSA-2020:0078",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0078"
        },
        {
          "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RabbitMQ XSS attack",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "DATE_PUBLIC": "2019-10-15T20:59:25.000Z",
          "ID": "CVE-2019-11281",
          "STATE": "PUBLIC",
          "TITLE": "RabbitMQ XSS attack"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RabbitMQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to v3.7.18"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RabbitMQ for PCF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.15.x prior to 1.15.13"
                          },
                          {
                            "version_value": "11.16.x prior to 1.16.6"
                          },
                          {
                            "version_value": "1.17.x prior to 1.17.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Cross-site Scripting (XSS) - Generic"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2019-11281",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2019-11281"
            },
            {
              "name": "FEDORA-2019-6497f51791",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/"
            },
            {
              "name": "FEDORA-2019-74d2feb5be",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/"
            },
            {
              "name": "RHSA-2020:0078",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0078"
            },
            {
              "name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
    "assignerShortName": "pivotal",
    "cveId": "CVE-2019-11281",
    "datePublished": "2019-10-16T15:23:47.309415Z",
    "dateReserved": "2019-04-18T00:00:00",
    "dateUpdated": "2024-09-16T19:05:38.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1279 (GCVE-0-2018-1279)

Vulnerability from cvelistv5 – Published: 2018-12-10 19:00 – Updated: 2024-09-17 00:37
Title
RabbitMQ cluster compromise due to deterministically generated cookie
Summary
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster, can use this cookie to gain full control over the entire cluster.
CWE
  • Use of Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Pivotal RabbitMq for PCF Affected: 1 , < all versions* (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:37.260Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1279"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RabbitMq for PCF",
          "vendor": "Pivotal",
          "versions": [
            {
              "lessThan": "all versions*",
              "status": "affected",
              "version": "1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-12-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Insufficiently Random Values",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-10T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1279"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RabbitMQ cluster compromise due to deterministically generated cookie",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "DATE_PUBLIC": "2018-12-05T00:00:00.000Z",
          "ID": "CVE-2018-1279",
          "STATE": "PUBLIC",
          "TITLE": "RabbitMQ cluster compromise due to deterministically generated cookie"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RabbitMq for PCF",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e",
                            "version_affected": "\u003e",
                            "version_name": "all versions",
                            "version_value": "1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of Insufficiently Random Values"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2018-1279",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1279"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1279",
    "datePublished": "2018-12-10T19:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-17T00:37:15.917Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}