CRLF Injection Vulnerability in RabbitMQ Management Plugin
CVE-2014-9650

Currently unrated

Key Information:

Vendor: Vmware
Status: RabbitMQ
Vendor: CVE Published:; 27 January 2015

Summary

The RabbitMQ Management Plugin suffers from a CRLF injection vulnerability that enables remote attackers to inject arbitrary HTTP headers. This exploitation can lead to HTTP response splitting attacks, particularly through manipulation of the 'download' parameter in the api/definitions endpoint. Versions prior to 3.4.1 are at risk, making it crucial for users to upgrade to the latest versions to prevent potential breaches.

References

http://rhn.redhat.com/errata/RHSA-2016-0308.html

vendor-advisoryx_refsource_REDHAT

https://groups.google.com/forum/#%21topic/rabbitmq-users/...

x_refsource_CONFIRM

http://www.rabbitmq.com/release-notes/README-3.4.1.txt

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 27, 2015
Vulnerability Reserved
Jan 27, 2015