Free vulnerability management software
Mageni is a free, open-source, and powerful vulnerability management platform that takes the pain out of cybersecurity and vulnerability management.
Download Now
Debian LTS: Security Advisory for rabbitmq-server (DLA-2710-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the DLA-2710-1 advisory.
Insight
Insight
Several vulnerabilities were discovered in rabbitmq-server, a message-broker software. CVE-2017-4965 Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. CVE-2017-4966 RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack CVE-2017-4967 Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. CVE-2019-11281 The virtual host limits page, and the federation management UI, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack that would gain access to virtual hosts and policy management information CVE-2019-11287 The 'X-Reason' HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. CVE-2021-22116 A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance.
Affected Software
Affected Software
'rabbitmq-server' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 9 stretch, these problems have been fixed in version 3.6.6-1+deb9u1. We recommend that you upgrade your rabbitmq-server packages.
Common Vulnerabilities and Exposures (CVE)
References
Ease with a few clicks your vulnerability scanning, assessment and management process
Mageni is a free and open-source vulnerability management software. Download it now.
1. Download Multipass
2. Launch a multipass instance
3. Install Mageni
1. If you don’t have it already, install Brew. Then, to install Multipass simply execute:
2. Launch a multipass instance
2. Install Mageni
1. Download the installer for Windows
2. Ensure your network is private
3. Run the installer
4. Launch a multipass instance
5. Log into the multipass instance
6. Install Mageni