CVE-2017-4965

CVE-2017-4965

Name

CVE-2017-4965

Description

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	http://www.securityfocus.com/bid/98394
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
Mitigation	https://pivotal.io/security/cve-2017-4965

Type

URI

Third Party Advisory

http://www.securityfocus.com/bid/98394

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html

Mitigation

https://pivotal.io/security/cve-2017-4965

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:::::::*`	rabbitmq_server	== None	== 3.4.0
`cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:::::::*`	rabbitmq_server	== None	== 3.4.1
`cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:::::::*`	rabbitmq_server	== None	== 3.4.2
`cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:::::::*`	rabbitmq_server	== None	== 3.4.3
`cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:::::::*`	rabbitmq_server	== None	== 3.4.4
`cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:::::::*`	rabbitmq_server	== None	== 3.5.0
`cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:::::::*`	rabbitmq_server	== None	== 3.5.1
`cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:::::::*`	rabbitmq_server	== None	== 3.5.2
`cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:::::::*`	rabbitmq_server	== None	== 3.5.3
`cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:::::::*`	rabbitmq_server	== None	== 3.5.6
`cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:::::::*`	rabbitmq_server	== None	== 3.6.7
`cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:::::::*`	rabbitmq	== None	== 3.5.4
`cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:::::::*`	rabbitmq	== None	== 3.5.5
`cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:::::::*`	rabbitmq	== None	== 3.5.7
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:::::::*`	rabbitmq	== None	== 3.6.0
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:::::::*`	rabbitmq	== None	== 3.6.1
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:::::::*`	rabbitmq	== None	== 3.6.2
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:::::::*`	rabbitmq	== None	== 3.6.3
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:::::::*`	rabbitmq	== None	== 3.6.4
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:::::::*`	rabbitmq	== None	== 3.6.5
`cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:::::::*`	rabbitmq	== None	== 3.6.6

CPE URI

Source package

Min version

Max version

cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.4.0

cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.4.1

cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.4.2

cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.4.3

cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.4.4

cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.5.0

cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.5.1

cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.5.2

cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.5.3

cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.5.6

cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:*:*:*:*:*:*:*

rabbitmq_server

== None

== 3.6.7

cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*

rabbitmq

== None

== 3.5.4

cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*

rabbitmq

== None

== 3.5.5

cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*

rabbitmq

== None

== 3.5.7

cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.0

cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.1

cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.2

cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.3

cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.4

cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.5

cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*

rabbitmq

== None

== 3.6.6

References

Match rules

Vulnerable and fixed packages