CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46118 – Denial of Service by publishing large messages over the HTTP API
https://notcve.org/view.php?id=CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. RabbitMQ es un corredor de transmisión y mensajería multiprotocolo. • https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html https://www.debian.org/security/2023/dsa-5571 https://access.redhat.com/security/cve/CVE-2023-46118 https://bugzilla.redhat.com/show_bug.cgi?id=2246512 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11087 – TLS validation error
https://notcve.org/view.php?id=CVE-2018-11087
Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. Pivotal Spring AMQP, en versiones 1.x anteriores a la 1.7.10 y versiones 2.x anteriores a la 2.0.6, expone una vulnerabilidad Man-in-the-Middle (MitM) debido a la falta de validación de nombres de host. Un usuario malicioso que pueda interceptar tráfico sería capaz de ver los datos en tránsito. • https://pivotal.io/security/cve-2018-11087 • CWE-295: Improper Certificate Validation •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9568
https://notcve.org/view.php?id=CVE-2014-9568
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter. puppetlabs-rabbitmq 3.0 hasta 4.1 almacena el valor de la cookie RabbitMQ Erlang en los hechos de un nodo, lo que permite a usuarios locales obtener información sensible como fue demostrado mediante el uso de Facter. • http://puppetlabs.com/security/cve/cve-2014-9568 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •