Summary
RabbitMQ is prone to a security-bypass vulnerability.
Impact
An attacker can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Solution
Updates are available.
Insight
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwarded-For header.
Affected
RabbitMQ 3.3.0 is vulnerable. Other versions may also be affected.
Detection
Send an HTTP GET request with a fake X-Forwarded-For header and check the response.
Severity
Classification
CVE: CVE-2014-9494
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N