CVE-2019-11287
Severity: 7.5 HIGH
EPSS: 3.1% (top 13.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
  Published: Nov 23
  Latest update: Apr 15
Description
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Exploitability: 3.9 | Impact: 3.6)
Affected Packages: 8 packages
Also affects: Debian Linux 9.0, Fedora 30, 31
Vulnerability Details
Vendor Advisories (5)
  Oracle (4): Oracle Communications Applications Risk Matrix: Core (Pivotal RabbitMQ) - CVE-2019-11287 (2023-04-15)
  Red Hat: rabbitmq-server: "X-Reason" HTTP Header can be leveraged to insert a malicious string leading to DoS (2019-12-13)
  Debian: CVE-2019-11287: rabbitmq-server - Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and R... (2019)
Community
Bugzilla (3)
  CVE-2019-11287 rabbitmq-server: "X-Reason" HTTP Header can be leveraged to insert a malicious string leading to DoS [openstack-rdo] (2019-12-13)
  CVE-2019-11287 rabbitmq-server: "X-Reason" HTTP Header can be leveraged to insert a malicious string leading to DoS (2019-12-13)
  CVE-2019-11287 rabbitmq-server: "X-Reason" HTTP Header can be leveraged to insert a malicious string leading to DoS [fedora-all] (2019-12-13)