CVE-2014-9650

EPSS 0.32%

發布日:2015/1/27修改日:2026/4/28

描述

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

受影響套件(1)

Debian/rabbitmq-serverfrom 0, < 3.4.1-1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-9650