CVE-2016-9877
Description
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.329
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| RabbitMQ 3.6.5 is affected by vulnerability CVE-2016-9877 | Windows |
| AMQP server written in Erlang (USN-3374-1) rabbitmq-server_3.2.4-1ubuntu0.1_all.deb | Linux |
| AMQP server written in Erlang (USN-3374-1) rabbitmq-server_3.5.7-1ubuntu0.16.04.2_all.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234