CVE-2016-9877
N/A
N/A
Summary
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7 | Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7 | affected |
Weaknesses
- RabbitMQ authentication vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us
- http://www.securityfocus.com/bid/95065
- https://pivotal.io/security/cve-2016-9877
- http://www.debian.org/security/2017/dsa-3761
References
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us
- http://www.securityfocus.com/bid/95065
- https://pivotal.io/security/cve-2016-9877
- http://www.debian.org/security/2017/dsa-3761
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.