Home > Vulnerability Database > CVE-2014-9650

Mend.io Vulnerability Database

CVE-2014-9650

Good to know:

Date: January 27, 2015

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Language: ERLANG

Severity Score

5.3

Related Resources (8)

Url: http://www.openwall.com/lists/oss-security/2015/01/21/13

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-9650

Url: http://www.rabbitmq.com/release-notes/README-3.4.1.txt

Url: http://rhn.redhat.com/errata/RHSA-2016-0308.html

Url: http://www.securityfocus.com/bid/76091

Url: https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs

Url: https://security-tracker.debian.org/tracker/CVE-2014-9650

Url: https://www.mend.io/vulnerability-database/CVE-2014-9650

Severity Score

5.3

Top Fix

Upgrade Version

Upgrade to version rabbitmq_v3_4_1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-9650

Good to know:

Date: January 27, 2015

Language: ERLANG

Severity Score

Related Resources (8)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?