Vulnerability in Pivotal_software Rabbitmq

CVE-2014-9494

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

EPSS: 0.004 (60.6th percentile) — read the EPSS interpretation.

Affected products

Pivotal_software Rabbitmq
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

rabbitmq-cve20149494-sec-bypass(99685) (vdb-entry, x_refsource_XF)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20150103 Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)