CVE-2014-9494

Severity
5.0 MEDIUM
EPSS
0.4%
top 39.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jan 20
Latest update May 14

Description

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 2 packages

Debian rabbitmq-server < 3.4.1-1+3

🔴Vulnerability Details

3
GHSA
GHSA-rgxx-9mfj-x5rf: RabbitMQ before 3 (2022-05-14)
CVEList
CVE-2014-9494: RabbitMQ before 3 (2015-01-20)
OSV
CVE-2014-9494: RabbitMQ before 3 (2015-01-20)

📋Vendor Advisories

2
Red Hat
rabbitmq-server: insufficient 'X-Forwarded-For' header validation (2014-10-15)
Debian
CVE-2014-9494: rabbitmq-server - RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restr... (2014)

💬Community

1
Bugzilla
CVE-2014-9494 rabbitmq-server: insufficient 'X-Forwarded-For' header validation (2014-12-16)