CVE-2017-4966

Name: CVE-2017-4966

Description: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.

NVD Severity: unknown

References

Type URI
Third Party Advisory https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
Mitigation https://pivotal.io/security/cve-2017-4966

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:* rabbitmq_server == None == 3.4.0
cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:* rabbitmq_server == None == 3.4.1
cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:* rabbitmq_server == None == 3.4.2
cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:* rabbitmq_server == None == 3.4.3
cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:* rabbitmq_server == None == 3.4.4
cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:* rabbitmq_server == None == 3.5.0
cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:* rabbitmq_server == None == 3.5.1
cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:* rabbitmq_server == None == 3.5.2
cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:* rabbitmq_server == None == 3.5.3
cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:* rabbitmq_server == None == 3.5.6
cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:*:*:*:*:*:*:* rabbitmq_server == None == 3.6.7
cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:* rabbitmq == None == 3.5.4
cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:* rabbitmq == None == 3.5.5
cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:* rabbitmq == None == 3.5.7
cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:* rabbitmq == None == 3.6.0
cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:* rabbitmq == None == 3.6.1
cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:* rabbitmq == None == 3.6.2
cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:* rabbitmq == None == 3.6.3
cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:* rabbitmq == None == 3.6.4
cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:* rabbitmq == None == 3.6.5
cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:* rabbitmq == None == 3.6.6

Vulnerable and fixed packages

Source package Branch Version Maintainer Status