9.8

CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BroadcomRabbitmq Server Version3.0.0
BroadcomRabbitmq Server Version3.0.1
BroadcomRabbitmq Server Version3.0.2
BroadcomRabbitmq Server Version3.0.3
BroadcomRabbitmq Server Version3.0.4
BroadcomRabbitmq Server Version3.1.0
BroadcomRabbitmq Server Version3.1.1
BroadcomRabbitmq Server Version3.1.2
BroadcomRabbitmq Server Version3.1.3
BroadcomRabbitmq Server Version3.1.4
BroadcomRabbitmq Server Version3.1.5
BroadcomRabbitmq Server Version3.2.0
BroadcomRabbitmq Server Version3.2.1
BroadcomRabbitmq Server Version3.2.2
BroadcomRabbitmq Server Version3.2.3
BroadcomRabbitmq Server Version3.2.4
BroadcomRabbitmq Server Version3.3.0
BroadcomRabbitmq Server Version3.3.1
BroadcomRabbitmq Server Version3.3.2
BroadcomRabbitmq Server Version3.3.3
BroadcomRabbitmq Server Version3.3.4
BroadcomRabbitmq Server Version3.3.5
BroadcomRabbitmq Server Version3.4.0
BroadcomRabbitmq Server Version3.4.1
BroadcomRabbitmq Server Version3.4.2
BroadcomRabbitmq Server Version3.4.3
BroadcomRabbitmq Server Version3.4.4
BroadcomRabbitmq Server Version3.5.0
BroadcomRabbitmq Server Version3.5.1
BroadcomRabbitmq Server Version3.5.2
BroadcomRabbitmq Server Version3.5.3
BroadcomRabbitmq Server Version3.5.6
Pivotal SoftwareRabbitmq Version3.5.4
Pivotal SoftwareRabbitmq Version3.5.5
Pivotal SoftwareRabbitmq Version3.5.7
Pivotal SoftwareRabbitmq Version3.6.0
Pivotal SoftwareRabbitmq Version3.6.1
Pivotal SoftwareRabbitmq Version3.6.2
Pivotal SoftwareRabbitmq Version3.6.3
Pivotal SoftwareRabbitmq Version3.6.4
Pivotal SoftwareRabbitmq Version3.6.5
Pivotal SoftwareRabbitmq Version1.5.0 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.1 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.2 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.3 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.4 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.5 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.6 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.7 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.8 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.9 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.10 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.11 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.12 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.13 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.14 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.15 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.17 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.5.18 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.0 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.1 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.2 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.3 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.4 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.5 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.6 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.7 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.8 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.9 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.6.10 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.7.0 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.7.2 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.7.3 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.7.4 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.7.5 SwPlatformpivotal_cloud_foundry
Pivotal SoftwareRabbitmq Version1.7.6 SwPlatformpivotal_cloud_foundry
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.38% 0.685
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.debian.org/security/2017/dsa-3761
http://www.securityfocus.com/bid/95065
https://pivotal.io/security/cve-2016-9877
Vendor Advisory
Mitigation
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us