CRLF Injection Vulnerability in RabbitMQ Management Plugin
CVE-2014-9650

Currently unrated

Key Information:

Vendor: VMware
Status: Vendor
CVE Published: 27 January 2015

Summary

The RabbitMQ Management Plugin has a CRLF injection vulnerability that allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks through the 'download' parameter of the api/definitions endpoint. Versions prior to 3.4.1 are affected; users should upgrade to the latest version.
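
A log check for the issue summarized above, added here as an example and not taken from RabbitMQ or the advisory: it flags requests to api/definitions whose 'download' parameter decodes to a CR or LF. The access-log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (assumed combined-log style, not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Jan/2015:10:00:01 +0000] "GET /api/definitions?download=rabbit.json HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Jan/2015:10:00:07 +0000] "GET /api/definitions?download=x%0d%0aX-Test:%201 HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Jan/2015:10:00:09 +0000] "GET /api/definitions?download=x%250d%250aX-Test HTTP/1.1" 200 512',
    '10.0.0.7 - - [27/Jan/2015:10:00:12 +0000] "GET /api/queues?name=a%0d%0ab HTTP/1.1" 200 90',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def has_crlf(value, max_rounds=3):
    """True if value holds CR or LF, including after repeated percent-decoding.

    Checking extra decoding rounds is a conservative choice so that
    double-encoded sequences are flagged as well.
    """
    for _ in range(max_rounds):
        if "\r" in value or "\n" in value:
            return True
        decoded = unquote(value)
        if decoded == value:          # nothing left to decode
            return False
        value = decoded
    return "\r" in value or "\n" in value


def suspicious_lines(lines):
    """Return log lines where api/definitions got a 'download' value with CR/LF."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.rstrip("/").endswith("api/definitions"):
            continue                  # only the endpoint named in the summary
        params = parse_qs(url.query, keep_blank_values=True)  # decodes once
        if any(has_crlf(v) for v in params.get("download", [])):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print("CRLF in 'download' parameter:", hit)
```

A hit indicates a request worth reviewing on a host still running a version prior to 3.4.1; it does not by itself show that a response was split.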

Timeline

  • Vulnerability published

  • Vulnerability Reserved
