Vulnerability in Broadcom Rabbitmq_server

CVE-2014-9650

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/defin…

EPSS: 0.003 (55.6th percentile) — read the EPSS interpretation.

Affected products

Broadcom Rabbitmq_server — versions 2.1.0, 2.1.1, 2.2.0
N/a — versions n/a

References

RHSA-2016:0308 (x_refsource_REDHAT, vendor-advisory)
security@ubuntu.com (x_refsource_CONFIRM)
security@ubuntu.com (x_refsource_CONFIRM, Vendor Advisory)
76091 (vdb-entry, x_refsource_BID)
[oss-security] 20150121 CVE Request: XSS and response-splitting bugs in rabbitmq management plugin (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)