fkie_cve-2014-9649
Vulnerability from fkie_nvd
Published: 2015-01-27 20:02
Modified: 2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2F0CBEC-F440-45A0-8ED3-59C38B105BCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E1C34F-3CD0-40AD-83F8-4F1B941F0838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F741941D-F4C9-4F29-ADFF-AC8A4234DFDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DE2226B-850C-48BF-BF22-4061EF8262D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED11458-F118-440F-88BE-E9EEF1231143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B82788D-183B-4177-B802-5941EB2390D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D4A89FF-EEA9-4BAF-8F83-D9BCE1617544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C91577-54C8-42BD-A5D2-17BBFDC72C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FBD054-FEA5-4550-88CF-02C5DE814198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D97CE3D-526F-4841-B235-03E7C91F60FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F2EB8D-698A-4937-8272-035792C07E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE95D715-9F21-446B-8AFA-6B2CB5619DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62A39BD4-AB61-44B9-B5C9-FB6536F69A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66E07A00-731E-4F8B-B670-347EB96F6991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A72AC2-F9A6-4ADF-8930-D39BA92DED89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3753E6C4-00C7-4297-8E98-D07BE9E3AF15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2875491-991A-4014-B99C-A042A5D870DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB67C92-9D18-48C5-A6E7-1CBE9F9AD4A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B2AC8B6-9743-4167-AF3A-EAF5D9AE53E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8A2268-4FA1-405A-9CA6-2522F5AA68CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C6F7816-AB21-4D34-A98F-0159737329AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A123A0-1EDC-4EF6-9300-A265837EC18C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1069E3-5DAE-4B10-A18E-2FB8BE9CF8EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "856A46DD-B7B0-4649-9ADC-6927BDDFC2FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4AA3927-F1D2-472D-A505-5CED02059978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A465750-6168-4319-866B-D844EB4C88FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D27EDB36-9C20-471D-AFE3-36F62A2C106C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "682BA23A-199F-4591-AD30-EF43B34C227F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D55283F-EA8E-4D12-B49E-D5392242CCF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE08D41D-9782-44B1-A051-EF4BEC861C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA0EBB7-35CF-4C57-99E3-F5AA0F09781F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "051E5698-D006-4BE9-9C7E-5E70654CC1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D29505A-FE4D-4CC2-96EA-13439B1536D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B7EA539-A2AB-4FD4-8CB5-575A594437F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB3E04F-7C2D-4121-94E6-09C31BA44C37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFAC64E9-0DF2-4350-B2A9-225E841CCF74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8691A77-2BD3-4C6B-97BA-C5904149D9DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22BC770-52AF-44DD-BEC7-B989B8C08717",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CE91D7-DA1B-4547-B903-A2536E4B3EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1078BE-B70C-4419-95AC-68ED4AC56EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "27719DEB-CC36-4DAB-8564-248263F48010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7975F3B-30A9-445B-9D39-8A308670264B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "80944B21-FAC3-49A6-878F-173B5A5AD24E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "755456D9-7249-4092-970C-230729E2F856",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el plugin de gesti\u00f3n en RabbitMQ 2.1.0 hasta 3.4.x anterior a 3.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la informaci\u00f3n de rutas en api/, lo que no se maneja correctamente en un mensaje de error."
    }
  ],
  "id": "CVE-2014-9649",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-27T20:02:39.637",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/21/13"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.securityfocus.com/bid/76084"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/01/21/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

