// For flags

CVE-2014-9650

RabbitMQ: /api/definitions response splitting vulnerability

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Vulnerabilidad de inyección CRLF en el plugin de gestión en RabbitMQ 2.1.0 hasta 3.4.x anterior a 3.4.1 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y realizar ataques de división de respuestas HTTP a través del parámetro download en api/definitions.

A response-splitting vulnerability was discovered in RabbitMQ. An /api/definitions URL could be specified, which then caused an arbitrary additional header to be returned. A remote attacker could use this flaw to inject arbitrary HTTP headers and possibly gain access to secure data.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-01-27 CVE Reserved
  • 2015-01-27 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.1.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.1.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.1.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.1.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.2.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.2.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.3.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.3.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.3.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.3.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.4.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.4.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.4.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.4.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.5.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.5.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.5.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.5.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.6.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.6.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.6.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.6.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.7.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.7.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.7.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.7.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.0
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.1
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.2
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.2"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.3
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.3"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.4
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.4"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.5
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.5"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.6
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.6"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
2.8.7
Search vendor "Vmware" for product "Rabbitmq" and version "2.8.7"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.0.0
Search vendor "Vmware" for product "Rabbitmq" and version "3.0.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.0.1
Search vendor "Vmware" for product "Rabbitmq" and version "3.0.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.0.2
Search vendor "Vmware" for product "Rabbitmq" and version "3.0.2"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.0.3
Search vendor "Vmware" for product "Rabbitmq" and version "3.0.3"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.0.4
Search vendor "Vmware" for product "Rabbitmq" and version "3.0.4"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.1.0
Search vendor "Vmware" for product "Rabbitmq" and version "3.1.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.1.1
Search vendor "Vmware" for product "Rabbitmq" and version "3.1.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.1.2
Search vendor "Vmware" for product "Rabbitmq" and version "3.1.2"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.1.3
Search vendor "Vmware" for product "Rabbitmq" and version "3.1.3"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.1.4
Search vendor "Vmware" for product "Rabbitmq" and version "3.1.4"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.1.5
Search vendor "Vmware" for product "Rabbitmq" and version "3.1.5"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.2.0
Search vendor "Vmware" for product "Rabbitmq" and version "3.2.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.2.1
Search vendor "Vmware" for product "Rabbitmq" and version "3.2.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.2.2
Search vendor "Vmware" for product "Rabbitmq" and version "3.2.2"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.2.3
Search vendor "Vmware" for product "Rabbitmq" and version "3.2.3"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.2.4
Search vendor "Vmware" for product "Rabbitmq" and version "3.2.4"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.3.0
Search vendor "Vmware" for product "Rabbitmq" and version "3.3.0"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.3.1
Search vendor "Vmware" for product "Rabbitmq" and version "3.3.1"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.3.2
Search vendor "Vmware" for product "Rabbitmq" and version "3.3.2"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.3.3
Search vendor "Vmware" for product "Rabbitmq" and version "3.3.3"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.3.4
Search vendor "Vmware" for product "Rabbitmq" and version "3.3.4"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.3.5
Search vendor "Vmware" for product "Rabbitmq" and version "3.3.5"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
3.4.0
Search vendor "Vmware" for product "Rabbitmq" and version "3.4.0"
-
Affected