Multiple vulnerabilities in Pivotal RabbitMQ
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 |
| CWE-ID | CWE-79 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
RabbitMQ Client/Desktop applications / Messaging software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU38873
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4965
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsRabbitMQ: 1.5.0 - 3.6.7
CPE2.3- cpe:2.3:a:vmware:rabbitmq:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:rabbitmq:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:rabbitmq:1.5.2:*:*:*:*:*:*:*
https://www.securityfocus.com/bid/98394
https://pivotal.io/security/cve-2017-4965
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU38874
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4966
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsRabbitMQ: 1.5.0 - 3.6.7
CPE2.3- cpe:2.3:a:vmware:rabbitmq:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:rabbitmq:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:rabbitmq:1.5.2:*:*:*:*:*:*:*
https://pivotal.io/security/cve-2017-4966
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting
EUVDB-ID: #VU38875
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4967
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsRabbitMQ: 1.5.0 - 3.6.7
CPE2.3- cpe:2.3:a:vmware:rabbitmq:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:rabbitmq:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:rabbitmq:1.5.2:*:*:*:*:*:*:*
https://pivotal.io/security/cve-2017-4965
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
