CVE-2014-9650

Currently unrated

Key Information:

Vendor: Vmware
Status: RabbitMQ
Vendor: CVE Published:; 27 January 2015

Summary

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

References

http://rhn.redhat.com/errata/RHSA-2016-0308.html

vendor-advisoryx_refsource_REDHAT

https://groups.google.com/forum/#%21topic/rabbitmq-users/...

x_refsource_CONFIRM

http://www.rabbitmq.com/release-notes/README-3.4.1.txt

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Jan 27, 2015