CRLF Injection Vulnerability in RabbitMQ Management Plugin
CVE-2014-9650
Currently unrated
Summary
The RabbitMQ Management Plugin has a CRLF injection vulnerability that allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the 'download' parameter to the api/definitions endpoint. Versions prior to 3.4.1 are affected; users should upgrade to 3.4.1 or later.
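A defender-side check for the issue summarized above, as an added example that is not part of the original advisory or of RabbitMQ's code: it scans HTTP access-log lines for api/definitions requests whose 'download' parameter decodes to a CR or LF. The combined-style log format, the sample lines, and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double-encoded values (%250d%250a)


def has_crlf(value):
    """True if value holds CR or LF, checking again after each extra URL-decode."""
    for _ in range(MAX_DECODE_ROUNDS):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:  # nothing left to decode
            return False
        value = decoded
    return "\r" in value or "\n" in value


def suspicious_download_requests(log_lines):
    """Return (line_number, once-decoded value) for api/definitions requests
    whose 'download' parameter carries a CR or LF."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.rstrip("/").endswith("api/definitions"):
            continue
        # parse_qsl performs the first round of URL-decoding
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == "download" and has_crlf(value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (documentation IP range, harmless header name)
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2015:10:00:00 +0000] "GET /api/definitions?download=backup.json HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Jan/2015:10:02:11 +0000] "GET /api/definitions?download=x%0d%0aX-Test:%201 HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Jan/2015:10:02:15 +0000] "GET /api/definitions?download=x%250d%250aX-Test:%201 HTTP/1.1" 200 5120',
    '192.0.2.10 - admin [01/Jan/2015:10:05:00 +0000] "GET /api/overview?download=a%0d%0ab HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for lineno, value in suspicious_download_requests(SAMPLE_LOG):
        print(f"line {lineno}: download={value!r}")
```

The same `has_crlf` test can serve as a request filter in a reverse proxy in front of hosts that cannot yet be upgraded.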