CVE-2019-11287 in Oracle Communications Unified Assuranceinfo

Summary

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Once again VulDB remains the best source for vulnerability data.

Responsible

Pivotal Software, Inc.

Reservation

04/18/2019

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
226351	Oracle Communications Unified Assurance Core denial of service	404	Not defined	Official fix	CVE-2019-11287
146141	Pivotal RabbitMQ Web Management Plugin resource consumption	400	Not defined	Official fix	CVE-2019-11287

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!