Lucene search
DellCVE-2017-4966HistoryJun 13, 2017 - 6:29 a.m.
CVE-2017-4966
2017-06-1306:29:00
CWE-200
dell
web.nvd.nist.gov
63
4
cve-2017-4966
pivotal rabbitmq
rabbitmq for pcf
user credentials
local storage
chained attack
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0
Percentile
12.6%
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser’s local storage without expiration, making it possible to retrieve them using a chained attack.
Affected configurations
Node
pivotal_softwarerabbitmqMatch3.5.4
ORpivotal_softwarerabbitmqMatch3.5.5
ORpivotal_softwarerabbitmqMatch3.5.7
ORpivotal_softwarerabbitmqMatch3.6.0
ORpivotal_softwarerabbitmqMatch3.6.1
ORpivotal_softwarerabbitmqMatch3.6.2
ORpivotal_softwarerabbitmqMatch3.6.3
ORpivotal_softwarerabbitmqMatch3.6.4
ORpivotal_softwarerabbitmqMatch3.6.5
ORpivotal_softwarerabbitmqMatch3.6.6
ORvmwarerabbitmqMatch3.4.0
ORvmwarerabbitmqMatch3.4.1
ORvmwarerabbitmqMatch3.4.2
ORvmwarerabbitmqMatch3.4.3
ORvmwarerabbitmqMatch3.4.4
ORvmwarerabbitmqMatch3.5.0
ORvmwarerabbitmqMatch3.5.1
ORvmwarerabbitmqMatch3.5.2
ORvmwarerabbitmqMatch3.5.3
ORvmwarerabbitmqMatch3.5.6
ORvmwarerabbitmqMatch3.6.7
Node
pivotal_softwarerabbitmqMatch1.5.0pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.1pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.2pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.3pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.4pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.5pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.6pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.7pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.8pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.9pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.10pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.11pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.12pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.13pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.14pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.15pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.17pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.18pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.5.19pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.0pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.1pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.2pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.3pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.4pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.5pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.6pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.7pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.8pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.9pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.10pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.12pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.13pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.14pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.15pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.6.16pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.0pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.2pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.3pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.4pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.5pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.6pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.7pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.8pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.9pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.10pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.13pivotal_cloud_foundry
ORpivotal_softwarerabbitmqMatch1.7.14pivotal_cloud_foundry
Node
debiandebian_linuxMatch9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pivotal_software | rabbitmq | 3.5.4 | cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.5.5 | cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.5.7 | cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.0 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.1 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.2 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.3 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.4 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.5 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:* |
| pivotal_software | rabbitmq | 3.6.6 | cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Pivotal RabbitMQ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Pivotal RabbitMQ"
}
]
}
]References
Social References
More
Related
redhatcve
redhatcve
CVE-2017-4966
2017-05-05 09:19:48
openvas
openvas
Ubuntu: Security Advisory (USN-6265-1)
2023-08-01 00:00:00
Debian: Security Advisory (DLA-2710-1)
2021-07-20 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : RabbitMQ vulnerability (USN-6265-1)
2023-07-31 00:00:00
Pivotal RabbitMQ Management Plugin 3.4.x / 3.5.x / 3.6.x < 3.6.9 Multiple Vulnerabilities
2017-05-19 00:00:00
RHEL 6 : rabbitmq (Unpatched Vulnerability)
2024-05-11 00:00:00
ubuntucve
ubuntucve
CVE-2017-4966
2017-06-13 00:00:00
prion
prion
Design/Logic Flaw
2017-06-13 06:29:00
nvd
nvd
CVE-2017-4966
2017-06-13 06:29:00
osv
osv
CVE-2017-4966
2017-06-13 06:29:00
rabbitmq-server vulnerability
2023-07-31 14:27:52
rabbitmq-server - security update
2021-07-19 00:00:00
ubuntu
ubuntu
RabbitMQ vulnerability
2023-07-31 00:00:00
cvelist
cvelist
CVE-2017-4966
2017-06-13 06:00:00
debiancve
debiancve
CVE-2017-4966
2017-06-13 06:29:00
debian
debian
[SECURITY] [DLA 2710-1] rabbitmq-server security update
2021-07-19 17:21:29
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.2
Confidence
High
EPSS
0
Percentile
12.6%
Related for CVE-2017-4966