9.8

CVE-2016-9877

EPSS 0.33%
Published 29.12.2016 09:59:00
Last modified 12.04.2025 10:46:40
Source security_alert@emc.com
Teams watchlist Login
Open Login

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Broadcom ≫ Rabbitmq Server Version3.0.0

Broadcom ≫ Rabbitmq Server Version3.0.1

Broadcom ≫ Rabbitmq Server Version3.0.2

Broadcom ≫ Rabbitmq Server Version3.0.3

Broadcom ≫ Rabbitmq Server Version3.0.4

Broadcom ≫ Rabbitmq Server Version3.1.0

Broadcom ≫ Rabbitmq Server Version3.1.1

Broadcom ≫ Rabbitmq Server Version3.1.2

Broadcom ≫ Rabbitmq Server Version3.1.3

Broadcom ≫ Rabbitmq Server Version3.1.4

Broadcom ≫ Rabbitmq Server Version3.1.5

Broadcom ≫ Rabbitmq Server Version3.2.0

Broadcom ≫ Rabbitmq Server Version3.2.1

Broadcom ≫ Rabbitmq Server Version3.2.2

Broadcom ≫ Rabbitmq Server Version3.2.3

Broadcom ≫ Rabbitmq Server Version3.2.4

Broadcom ≫ Rabbitmq Server Version3.3.0

Broadcom ≫ Rabbitmq Server Version3.3.1

Broadcom ≫ Rabbitmq Server Version3.3.2

Broadcom ≫ Rabbitmq Server Version3.3.3

Broadcom ≫ Rabbitmq Server Version3.3.4

Broadcom ≫ Rabbitmq Server Version3.3.5

Broadcom ≫ Rabbitmq Server Version3.4.0

Broadcom ≫ Rabbitmq Server Version3.4.1

Broadcom ≫ Rabbitmq Server Version3.4.2

Broadcom ≫ Rabbitmq Server Version3.4.3

Broadcom ≫ Rabbitmq Server Version3.4.4

Broadcom ≫ Rabbitmq Server Version3.5.0

Broadcom ≫ Rabbitmq Server Version3.5.1

Broadcom ≫ Rabbitmq Server Version3.5.2

Broadcom ≫ Rabbitmq Server Version3.5.3

Broadcom ≫ Rabbitmq Server Version3.5.6

Pivotal Software ≫ Rabbitmq Version3.5.4

Pivotal Software ≫ Rabbitmq Version3.5.5

Pivotal Software ≫ Rabbitmq Version3.5.7

Pivotal Software ≫ Rabbitmq Version3.6.0

Pivotal Software ≫ Rabbitmq Version3.6.1

Pivotal Software ≫ Rabbitmq Version3.6.2

Pivotal Software ≫ Rabbitmq Version3.6.3

Pivotal Software ≫ Rabbitmq Version3.6.4

Pivotal Software ≫ Rabbitmq Version3.6.5

Pivotal Software ≫ Rabbitmq Version1.5.0 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.1 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.2 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.3 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.4 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.5 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.6 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.7 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.8 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.9 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.10 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.11 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.12 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.13 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.14 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.15 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.17 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.5.18 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.0 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.1 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.2 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.3 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.4 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.5 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.6 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.7 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.8 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.9 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.6.10 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.7.0 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.7.2 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.7.3 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.7.4 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.7.5 SwPlatformpivotal_cloud_foundry

Pivotal Software ≫ Rabbitmq Version1.7.6 SwPlatformpivotal_cloud_foundry

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.33%	0.552

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.debian.org/security/2017/dsa-3761

http://www.securityfocus.com/bid/95065

https://pivotal.io/security/cve-2016-9877

Vendor Advisory

Mitigation

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us

https://nvd.nist.gov/vuln/detail/CVE-2016-9877

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9877

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9877

EUVD