CVE-2014-9650 — HTTP Request/Response Splitting in Rabbitmq Server

CWE-113 — HTTP Request/Response Splitting7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 44.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rabbitmq Rabbitmq-server Broadcom Rabbitmq Server

Timeline

PublishedJan 27

Latest updateMay 13

Description

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianrabbitmq/rabbitmq-server< 3.4.1-1+3

▶NVDbroadcom/rabbitmq_server44 versions+43

🔴Vulnerability Details

GHSA

GHSA-7vh8-m3cm-3hh4: CRLF injection vulnerability in the management plugin in RabbitMQ 2↗2022-05-13

▶

CVEList

CVE-2014-9650: CRLF injection vulnerability in the management plugin in RabbitMQ 2↗2015-01-27

▶

OSV

CVE-2014-9650: CRLF injection vulnerability in the management plugin in RabbitMQ 2↗2015-01-27

▶

📋Vendor Advisories

Red Hat

RabbitMQ: /api/definitions response splitting vulnerability↗2014-10-29

▶

Debian

CVE-2014-9650: rabbitmq-server - CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through ...↗2014

▶

💬Community

Bugzilla

CVE-2014-9650 RabbitMQ: /api/definitions response splitting vulnerability↗2015-01-24

▶