CVE-2019-11287
Description
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The X-Reason HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.051
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2019-11287,CVE-2019-11291 are affected in RabbitMQ 3.8.0 | Windows |
| AMQP server written in Erlang (USN-5004-1) rabbitmq-server_3.8.2-0ubuntu1.3_all.deb | Linux |
| AMQP server written in Erlang (USN-5004-1) rabbitmq-server_3.8.5-1ubuntu0.2_all.deb | Linux |
| AMQP server written in Erlang (USN-5004-1) rabbitmq-server_3.8.9-2ubuntu0.1_all.deb | Linux |
| AMQP server written in Erlang (USN-5004-1) rabbitmq-server_3.6.10-1ubuntu0.5_all.deb | Linux |
| Use of Externally-Controlled Format String Vulnerability (CVE-2019-11287) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234