CVE-2016-9877 in RabbitMQالمعلومات

الملخص

بحسب MITRE

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

06/12/2016

إفشاء

29/12/2016

الاعتدال

تمت الموافقة

إدخال

VDB-94708

CPE

جاهز

CWE

CWE-284 (مؤكد)

CVSS

9.8 (NVD)

EPSS

0.00200

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-9877
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-9877
CVE Details	https://www.cvedetails.com/cve/CVE-2016-9877/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!