CVE-2014-9650
RabbitMQ: /api/definitions response splitting vulnerability
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
Vulnerabilidad de inyección CRLF en el plugin de gestión en RabbitMQ 2.1.0 hasta 3.4.x anterior a 3.4.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuestas HTTP a través del parámetro download en api/definitions.
A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-27 CVE Reserved
- 2015-01-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/01/21/13 | Mailing List |
|
| http://www.securityfocus.com/bid/76091 | Vdb Entry | |
| https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-0308.html | 2023-11-07 | |
| http://www.rabbitmq.com/release-notes/README-3.4.1.txt | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2014-9650 | 2016-03-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1185515 | 2016-03-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.1.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.1.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.1.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.1.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.2.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.2.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.3.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.3.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.3.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.3.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.4.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.4.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.4.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.4.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.5.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.5.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.6.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.6.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.6.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.6.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.7.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.7.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.7.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.7.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.0 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.1 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.2 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.3 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.4 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.5 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.6 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.6" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 2.8.7 Search vendor "Vmware" for product "Rabbitmq" and version "2.8.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.0.0 Search vendor "Vmware" for product "Rabbitmq" and version "3.0.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.0.1 Search vendor "Vmware" for product "Rabbitmq" and version "3.0.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.0.2 Search vendor "Vmware" for product "Rabbitmq" and version "3.0.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.0.3 Search vendor "Vmware" for product "Rabbitmq" and version "3.0.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.0.4 Search vendor "Vmware" for product "Rabbitmq" and version "3.0.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.1.0 Search vendor "Vmware" for product "Rabbitmq" and version "3.1.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.1.1 Search vendor "Vmware" for product "Rabbitmq" and version "3.1.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.1.2 Search vendor "Vmware" for product "Rabbitmq" and version "3.1.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.1.3 Search vendor "Vmware" for product "Rabbitmq" and version "3.1.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.1.4 Search vendor "Vmware" for product "Rabbitmq" and version "3.1.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.1.5 Search vendor "Vmware" for product "Rabbitmq" and version "3.1.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.2.0 Search vendor "Vmware" for product "Rabbitmq" and version "3.2.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.2.1 Search vendor "Vmware" for product "Rabbitmq" and version "3.2.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.2.2 Search vendor "Vmware" for product "Rabbitmq" and version "3.2.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.2.3 Search vendor "Vmware" for product "Rabbitmq" and version "3.2.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.2.4 Search vendor "Vmware" for product "Rabbitmq" and version "3.2.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.3.0 Search vendor "Vmware" for product "Rabbitmq" and version "3.3.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.3.1 Search vendor "Vmware" for product "Rabbitmq" and version "3.3.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.3.2 Search vendor "Vmware" for product "Rabbitmq" and version "3.3.2" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.3.3 Search vendor "Vmware" for product "Rabbitmq" and version "3.3.3" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.3.4 Search vendor "Vmware" for product "Rabbitmq" and version "3.3.4" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.3.5 Search vendor "Vmware" for product "Rabbitmq" and version "3.3.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Rabbitmq Search vendor "Vmware" for product "Rabbitmq" | 3.4.0 Search vendor "Vmware" for product "Rabbitmq" and version "3.4.0" | - |
Affected
| ||||||