{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-29T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "RHSA-2016:0308", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html"}, {"name": "76084", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76084"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"}, {"name": "[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/21/13"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2014-9649", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2016:0308", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html"}, {"name": "76084", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76084"}, {"name": "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs"}, {"name": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt", "refsource": "CONFIRM", "url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"}, {"name": "[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/21/13"}]}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2014-9649", "datePublished": "2015-01-27T17:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2016-12-01T15:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:rabbitmq:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCA9250D-E56A-4456-AF66-E1B5960730D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DC84D99-7C05-4B3C-9E81-1F2B4605CACF", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E27D4E23-DC8F-4C28-A437-2EDB14568B09", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A70F4EE8-30B9-4341-B9B2-2BB9BC8256BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "4126A1FD-C997-4AB7-897B-7D8816B21C15", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB18CD-DF57-468B-8203-0B2C202C4E42", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B635EF9-23B4-4B32-8A74-ED61AE321777", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B44AC80-3C70-478F-87D1-AE390234BEBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "72354DE3-C303-4678-B520-8CD1503BF6DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FAFCD9A-F22A-4B03-8645-ABB8A1F3441F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A9AA09F-7E85-4068-ABF4-2881B56D6F37", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E3973C4-487C-4576-9BDF-05FC40382D98", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "50164916-6B87-4750-9A74-7F27E447F583", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DDC91BE-4BA4-44D4-8B8A-DB3A20C5BF68", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC77081E-5553-41F8-9AF7-BB5526E0FC3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "694F03E0-7205-4EB5-9DAD-172A6B58C9DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "96B36B27-D837-4D38-84CE-6CB7D61F9E66", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "30E3EB68-8570-4EB8-8B97-F2B6D5F4005A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "FF40EEE5-BCDB-4EA3-AF10-863F7AA2FFA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "33500CAA-527F-4F00-94A1-006526BF976F", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:2.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "74754CC6-462E-4C5D-AC38-2F04E621B25A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A7CF1B-B1AF-4875-B744-33BBC5275B4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "092649A0-17AA-47EE-8684-7B2B6AE19870", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E503CE6E-12B0-4307-86A8-86346E856738", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29CB62E6-AAC1-43B6-9A34-C138890F4B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A0D97FB5-0189-45ED-8239-0E3C238F7C96", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DF9A027-4AA8-451D-B26E-3597F8513B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F48BA73-6453-498F-B33F-B630791BD41D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D7AE34E-A49F-47E0-80A3-E7CA8771EE18", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B112A955-8FCC-4C17-90F2-13D7755CC397", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B8C9320-CF79-4B9A-9370-CE2EEDA848CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E67B22C7-BD10-481C-B686-DB626B6E6434", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B735947D-3A98-45D2-A37D-560FD387B85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "502AEBAA-CB1B-403A-B9F4-37FF027B892D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B9EB256-80BF-4F63-8A80-0E7643DAC91D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F666302C-7D25-4230-B835-2B8852CD53F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5A67824-47C5-494D-B8A8-7C7EDE51F979", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6530EC3A-9B67-41F2-B450-D0A8BB744AB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B23B1DC5-BB23-4C29-9B03-7AF5E7A33050", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C9D13DF-807D-4E22-85A3-1674DFC570E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9713A545-2BC0-4761-90A2-F80575A99302", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "16967835-4E17-4260-B7FD-9A85B5BE43DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el plugin de gesti\u00f3n en RabbitMQ 2.1.0 hasta 3.4.x anterior a 3.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la informaci\u00f3n de rutas en api/, lo que no se maneja correctamente en un mensaje de error."}], "id": "CVE-2014-9649", "lastModified": "2023-11-07T02:23:09.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-01-27T20:02:39.637", "references": [{"source": "security@ubuntu.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-0308.html"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2015/01/21/13"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://www.rabbitmq.com/release-notes/README-3.4.1.txt"}, {"source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/76084"}, {"source": "security@ubuntu.com", "url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/-3Z2FyGtXhs"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}