Summary
RabbitMQ is prone to a security-bypass vulnerability.
Impact
An attacker can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Solution
Updates are available.
Insight
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header.
Affected
RabbitMQ 3.3.0 is vulnerable. Other versions may also be affected.
Detection
Send an HTTP GET request with a fake X-Forwarded-For header and check the response.
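Added illustration (not RabbitMQ's own code) of the flaw described under Insight and the check under Detection: a loopback_users-style login restriction that trusts X-Forwarded-For, beside a hardened form that uses the socket peer address and honours the header only when the connection comes from a configured reverse proxy. LOOPBACK_USERS, Request, and the trusted-proxy set are assumed names for the illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Callable, Dict, FrozenSet

# Constructed illustration of a loopback_users-style login check. This is NOT
# RabbitMQ's own code; it only models the class of bug the advisory describes.
LOOPBACK_USERS = {"guest"}  # accounts restricted to connections from the local host


@dataclass
class Request:
    peer_addr: str                      # address of the TCP peer that actually connected
    user: str
    headers: Dict[str, str] = field(default_factory=dict)


def is_loopback(addr: str) -> bool:
    """True only for a syntactically valid loopback address (127/8 or ::1)."""
    try:
        return ip_address(addr).is_loopback
    except ValueError:                  # garbage such as "localhost" or an empty string
        return False


def client_addr_vulnerable(req: Request) -> str:
    """Flawed: a header any client can set overrides the real peer address."""
    forwarded = req.headers.get("X-Forwarded-For")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return req.peer_addr


def client_addr_hardened(req: Request, trusted_proxies: FrozenSet[str] = frozenset()) -> str:
    """Use the socket peer address; honour X-Forwarded-For only when the peer is a
    configured reverse proxy, and then take the entry that proxy appended (the last one)."""
    forwarded = req.headers.get("X-Forwarded-For")
    if forwarded and req.peer_addr in trusted_proxies:
        return forwarded.split(",")[-1].strip()
    return req.peer_addr


def login_allowed(req: Request, resolve: Callable[[Request], str]) -> bool:
    """Apply the loopback_users restriction using the given address resolver."""
    if req.user in LOOPBACK_USERS:
        return is_loopback(resolve(req))
    return True
```

With the hardened resolver, a spoofed header from a remote peer no longer grants a loopback-only account access, which is the response difference the Detection step looks for.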
Severity
Classification
CVE: CVE-2014-9494
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N