// For flags

CVE-2019-11287

RabbitMQ Web Management Plugin DoS via heap overflow

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Pivotal RabbitMQ, versiones 3.7.x anteriores a 3.7.21 y versiones 3.8.x anteriores a 3.8.1, y RabbitMQ para Pivotal Platform, versiones 1.16.x anteriores a 1.16.7 y versiones 1.17.x versiones anteriores a 1.17.4, contienen un plugin de administración web que es vulnerable a un ataque de denegación de servicio. El encabezado "X-Reason" de HTTP puede ser aprovechado para insertar una cadena de formato Erlang maliciosa que expandirá y consumirá la pila, resultando en el bloqueo del servidor.

A resource-consumption flaw was identified in the rabbitmq-server web management plugin. Utilizing a malicious 'X-Reason' HTTP header, a remote attacker could insert a malicious Erlang format string which will expand and consume heap memory, resulting in a crash. The highest threat from this vulnerability is system availability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-04-18 CVE Reserved
  • 2019-11-22 CVE Published
  • 2024-03-17 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-134: Use of Externally-Controlled Format String
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pivotal Software
Search vendor "Pivotal Software"
Rabbitmq
Search vendor "Pivotal Software" for product "Rabbitmq"
>= 1.16.0 < 1.16.7
Search vendor "Pivotal Software" for product "Rabbitmq" and version " >= 1.16.0 < 1.16.7"
pivotal_cloud_foundry
Affected
Pivotal Software
Search vendor "Pivotal Software"
Rabbitmq
Search vendor "Pivotal Software" for product "Rabbitmq"
>= 1.17.0 < 1.17.4
Search vendor "Pivotal Software" for product "Rabbitmq" and version " >= 1.17.0 < 1.17.4"
pivotal_cloud_foundry
Affected
Pivotal Software
Search vendor "Pivotal Software"
Rabbitmq
Search vendor "Pivotal Software" for product "Rabbitmq"
>= 3.7.0 < 3.7.21
Search vendor "Pivotal Software" for product "Rabbitmq" and version " >= 3.7.0 < 3.7.21"
-
Affected
Vmware
Search vendor "Vmware"
Rabbitmq
Search vendor "Vmware" for product "Rabbitmq"
>= 3.8.0 < 3.8.1
Search vendor "Vmware" for product "Rabbitmq" and version " >= 3.8.0 < 3.8.1"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
30
Search vendor "Fedoraproject" for product "Fedora" and version "30"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
31
Search vendor "Fedoraproject" for product "Fedora" and version "31"
-
Affected
Redhat
Search vendor "Redhat"
Openstack
Search vendor "Redhat" for product "Openstack"
15
Search vendor "Redhat" for product "Openstack" and version "15"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected