PT-2017-4084 · Pivotal+1 · Rabbitmq For Pcf+1

Published: 2017-06-13 · Updated: 2025-04-02 · CVE-2017-4967

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

RabbitMQ versions 3.4.x through 3.5.x
RabbitMQ versions 3.6.x prior to 3.6.9
RabbitMQ for PCF versions 1.5.x
RabbitMQ for PCF versions 1.6.x prior to 1.6.18
RabbitMQ for PCF versions 1.7.x prior to 1.7.15

Description

The issue is related to insufficient protection measures in the RabbitMQ management UI, which can be exploited by a remote attacker to impact data integrity. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Recommendations

For RabbitMQ versions 3.4.x through 3.5.x, update to a version after 3.5.x.
For RabbitMQ versions 3.6.x prior to 3.6.9, update to version 3.6.9 or later.
For RabbitMQ for PCF versions 1.5.x, update to a version after 1.5.x.
For RabbitMQ for PCF versions 1.6.x prior to 1.6.18, update to version 1.6.18 or later.
For RabbitMQ for PCF versions 1.7.x prior to 1.7.15, update to version 1.7.15 or later.

As a temporary workaround, consider restricting access to the vulnerable RabbitMQ management UI forms until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-01441
CVE-2017-4967
DLA-2710-1
DLA-2710-2
SUSE-RU-2020:2072-1

Affected Products

Rabbitmq
Rabbitmq For Pcf