Main Vulnerability Database Vulnerabilities #VU40924

Input validation error in RabbitMQ - CVE-2014-9650

Published: January 27, 2015 / Updated: August 19, 2020

Vulnerability identifier: #VU40924

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-9650

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: VMware, Inc

Affected software:
RabbitMQ

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

How to mitigate CVE-2014-9650

Install update from vendor's website.

Sources

http://rhn.redhat.com/errata/RHSA-2016-0308.html
http://www.openwall.com/lists/oss-security/2015/01/21/13
http://www.rabbitmq.com/release-notes/README-3.4.1.txt
http://www.securityfocus.com/bid/76091
https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs

Input validation error in RabbitMQ - CVE-2014-9650

Detailed vulnerability description

How to mitigate CVE-2014-9650

Sources

Please verify you're human