CVE-2015-8786

Severity: 6.5 MEDIUM
EPSS: 1.3% (top 20.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 9
Latest update: May 14

Description

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

Debian: rabbitmq-server < 3.6.5-1+3
NVD: oracle/solaris 11.3

🔴 Vulnerability Details (3)

GHSA
GHSA-c22c-f732-2pwg: The Management plugin in RabbitMQ before 3 (2022-05-14)
OSV
CVE-2015-8786: The Management plugin in RabbitMQ before 3 (2016-12-09)
CVEList
CVE-2015-8786: The Management plugin in RabbitMQ before 3 (2016-12-09)

📋 Vendor Advisories (2)

Red Hat
rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin (2015-12-29)
Debian
CVE-2015-8786: rabbitmq-server - The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users... (2015)

💬 Community (2)

Bugzilla
CVE-2015-8786 rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin (2016-12-13)
Bugzilla
CVE-2015-8786 rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin [epel-all] (2016-12-13)