Pivotal RabbitMQ, versions 3.7.x before 3.7.21 and 3.8.x before 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions before 1.16.7 and 1.17.x versions before 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
Vulnerable Product |
---|
pivotal software rabbitmq |
vmware rabbitmq |
fedoraproject fedora 30 |
fedoraproject fedora 31 |
redhat openstack 15 |
debian debian linux 9.0 |
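
To triage an inventory against the version ranges in the description above, the following added example (not code from the advisory or from the RabbitMQ project) classifies a broker version as affected, fixed, or not listed. The product keys, the hostnames and the handling of pre-release suffixes are assumptions made for illustration.

```python
import re

# Fixed release per branch, copied from the advisory text above.
FIXED = {
    "rabbitmq": {(3, 7): (3, 7, 21), (3, 8): (3, 8, 1)},
    "rabbitmq-for-pivotal-platform": {(1, 16): (1, 16, 7), (1, 17): (1, 17, 4)},
}
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:[-.~]?(rc|beta|alpha|milestone)[.\d]*)?")


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) for e.g. '3.7.20' or '3.8.1-rc.1'."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None


def status(product, version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    release, prerelease = parse_version(version)
    fixed = FIXED[product].get(release[:2])
    if fixed is None:
        # The advisory names only these branches; say nothing about others.
        return "not-listed"
    # Assumption: a pre-release of the fixed version is treated as still affected.
    if release < fixed or (release == fixed and prerelease):
        return "affected"
    return "fixed"


def triage(inventory):
    """Return hosts from (host, product, version) rows that need an upgrade."""
    return [host for host, product, version in inventory
            if status(product, version) == "affected"]


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("mq-01", "rabbitmq", "3.7.20"),
    ("mq-02", "rabbitmq", "3.7.21"),
    ("mq-03", "rabbitmq", "3.8.1-rc.1"),
    ("mq-04", "rabbitmq", "3.6.16"),
    ("pcf-01", "rabbitmq-for-pivotal-platform", "1.17.3"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE_INVENTORY:
        print(host, product, version, status(product, version))
    print("upgrade:", triage(SAMPLE_INVENTORY))
```

A "not-listed" result means only that the advisory text does not name that branch; it is not a statement that the branch is unaffected.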