CVE-2016-9877 (GCVE-0-2016-9877)

Vulnerability from cvelistv5 – Published: 2016-12-29 09:02 – Updated: 2024-08-06 03:07
VLAI?
Summary
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Severity ?
No CVSS data available.
CWE
  • RabbitMQ authentication vulnerability
Assigner
References
Impacted products
Vendor Product Version
n/a Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7 Affected: Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:30.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us"
          },
          {
            "name": "95065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2016-9877"
          },
          {
            "name": "DSA-3761",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3761"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7"
            }
          ]
        }
      ],
      "datePublic": "2016-12-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RabbitMQ authentication vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-21T09:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us"
        },
        {
          "name": "95065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2016-9877"
        },
        {
          "name": "DSA-3761",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3761"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-9877",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "RabbitMQ authentication vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us"
            },
            {
              "name": "95065",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95065"
            },
            {
              "name": "https://pivotal.io/security/cve-2016-9877",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2016-9877"
            },
            {
              "name": "DSA-3761",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3761"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-9877",
    "datePublished": "2016-12-29T09:02:00",
    "dateReserved": "2016-12-06T00:00:00",
    "dateUpdated": "2024-08-06T03:07:30.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DE6A4B2-0445-470B-B18C-2CFEB2A52455\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FE2FBE9-5D35-4273-8B83-A400D3A0136D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B11709F3-3F1C-4FC2-9F2D-87951EC04308\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32F9F3F6-B1AF-423F-9F96-4329589B323A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AECBDFAA-198F-4A47-835A-4E17C090DF02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D879D6FD-39D7-4589-8DE7-C8DAAE6F165E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE842A15-D676-4E00-AAD7-1088CE122876\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F40845F9-00D8-44F0-8B2E-60094A3D37CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06A7CF1B-B1AF-4875-B744-33BBC5275B4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"092649A0-17AA-47EE-8684-7B2B6AE19870\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E503CE6E-12B0-4307-86A8-86346E856738\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29CB62E6-AAC1-43B6-9A34-C138890F4B5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0D97FB5-0189-45ED-8239-0E3C238F7C96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DF9A027-4AA8-451D-B26E-3597F8513B97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F48BA73-6453-498F-B33F-B630791BD41D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D7AE34E-A49F-47E0-80A3-E7CA8771EE18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B112A955-8FCC-4C17-90F2-13D7755CC397\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B8C9320-CF79-4B9A-9370-CE2EEDA848CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E67B22C7-BD10-481C-B686-DB626B6E6434\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B735947D-3A98-45D2-A37D-560FD387B85B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"502AEBAA-CB1B-403A-B9F4-37FF027B892D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B9EB256-80BF-4F63-8A80-0E7643DAC91D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F666302C-7D25-4230-B835-2B8852CD53F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5A67824-47C5-494D-B8A8-7C7EDE51F979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6530EC3A-9B67-41F2-B450-D0A8BB744AB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B23B1DC5-BB23-4C29-9B03-7AF5E7A33050\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C9D13DF-807D-4E22-85A3-1674DFC570E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9713A545-2BC0-4761-90A2-F80575A99302\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16967835-4E17-4260-B7FD-9A85B5BE43DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B58103B8-6CD1-4DA6-B5A3-D1289B95A951\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F57DA292-66F8-4BE5-AD3B-C4400D6D1A42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"385A9C6F-7933-4681-985E-31D7CED8B0FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76B241B7-DE7C-4F95-A742-164020FCAED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09429E70-C395-4E95-9C83-5BDC8083C0AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9432656B-DB94-4E5F-83CB-38A9DA4FCA74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37CD714F-30CD-4254-AF41-DEBEA9053706\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEC4C125-7594-4960-BF88-977D3A95D6BC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"0DA89B77-6455-40CD-931E-BB07CD9A3166\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"52350E43-4AB5-45ED-AC31-CC948DB87631\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"42856F22-74CD-4278-8EAA-2C6582A7E658\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"B0D8589A-B843-4130-8CC8-3D4C464CDB4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"62016F87-0B15-4D1B-A2AB-FC4769F95DB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"C5125B26-63EE-4FE8-97A1-DC6E11757ACA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"6AF3BAA0-0AEA-4B96-9C91-E51789844A39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"DD5F0850-F34B-4E79-A46D-B74F2E90C43A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"DF23DD7D-16B4-408C-A825-C79487D79A0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"E792D92E-07A1-4E48-90CB-5EC7C99E0AF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"B873D04B-704B-468D-A2B1-8E04653806F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"13C9004B-590A-45F0-8AA9-713928A8F5F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"F22B84B3-438E-4E08-A02D-4A85C0C561B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"3E99B39C-21AF-4F75-8D96-9B69F48C2A39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"3C6E80B6-857B-4D53-B107-8667EFCCE0EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"95C7294C-C9D3-40F8-B3C9-40424D5FC124\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"66F85747-11AA-4133-B553-3C31152F0781\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"B425D53C-5713-401E-BE30-BCDE54F65857\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"758D57BA-3EA6-4036-8BDD-5BA2AAE25F77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"036437B9-1A7F-4C60-B9FE-B38173BC6FAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"408D457F-4DE5-4280-8379-083DA78ECF00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"C9D2B08D-9779-4E80-BAB6-870F81F24F7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"90F47590-6640-494F-8A93-A9AC70459DD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"5D1F88E0-4047-4ADE-A898-88FE6358D659\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"8647C50B-41CB-45CE-89E7-BB4B2759DE40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"9997C9C6-4918-4B74-92E4-012B58278DEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"33C0370F-77A5-4A51-ABF2-21793CD57043\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"4C3C0A88-66F6-46D5-9A79-BEFB654979D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"1EC26CD6-172D-4DBE-8B23-59491E4765E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*\", \"matchCriteriaId\": \"669EA6CA-3F6C-4151-986D-173F1375B32B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.\"}, {\"lang\": \"es\", \"value\": \"Un problema fue descubierto en Pivotal RabbitMQ 3.x en versiones anteriores a 3.5.8 y 3.6.x en versiones anteriores a 3.6.6 y RabbitMQ for PCF 1.5.x en versiones anteriores a 1.5.20, 1.6.x en versiones anteriores a 1.6.12 y 1.7.x en versiones anteriores a 1.7.7. Autenticaci\\u00f3n de conexi\\u00f3n MQTT (MQ Telemetry Transport) con un nombre de usuario/contrase\\u00f1a tiene \\u00e9xito si se provee un nombre de usuario existente pero la contrase\\u00f1a es omitida de la petici\\u00f3n de conexi\\u00f3n. Conexiones que usan TLS con un certificado provisto por el cliente no est\\u00e1n afectadas.\"}]",
      "id": "CVE-2016-9877",
      "lastModified": "2024-11-21T03:01:56.197",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-12-29T09:59:00.790",
      "references": "[{\"url\": \"http://www.debian.org/security/2017/dsa-3761\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securityfocus.com/bid/95065\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"https://pivotal.io/security/cve-2016-9877\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.debian.org/security/2017/dsa-3761\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/95065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://pivotal.io/security/cve-2016-9877\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9877\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2016-12-29T09:59:00.790\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.\"},{\"lang\":\"es\",\"value\":\"Un problema fue descubierto en Pivotal RabbitMQ 3.x en versiones anteriores a 3.5.8 y 3.6.x en versiones anteriores a 3.6.6 y RabbitMQ for PCF 1.5.x en versiones anteriores a 1.5.20, 1.6.x en versiones anteriores a 1.6.12 y 1.7.x en versiones anteriores a 1.7.7. Autenticaci\u00f3n de conexi\u00f3n MQTT (MQ Telemetry Transport) con un nombre de usuario/contrase\u00f1a tiene \u00e9xito si se provee un nombre de usuario existente pero la contrase\u00f1a es omitida de la petici\u00f3n de conexi\u00f3n. Conexiones que usan TLS con un certificado provisto por el cliente no est\u00e1n afectadas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A123A0-1EDC-4EF6-9300-A265837EC18C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC1069E3-5DAE-4B10-A18E-2FB8BE9CF8EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"856A46DD-B7B0-4649-9ADC-6927BDDFC2FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4AA3927-F1D2-472D-A505-5CED02059978\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A465750-6168-4319-866B-D844EB4C88FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D27EDB36-9C20-471D-AFE3-36F62A2C106C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"682BA23A-199F-4591-AD30-EF43B34C227F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D55283F-EA8E-4D12-B49E-D5392242CCF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE08D41D-9782-44B1-A051-EF4BEC861C51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DA0EBB7-35CF-4C57-99E3-F5AA0F09781F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"051E5698-D006-4BE9-9C7E-5E70654CC1E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D29505A-FE4D-4CC2-96EA-13439B1536D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B7EA539-A2AB-4FD4-8CB5-575A594437F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EB3E04F-7C2D-4121-94E6-09C31BA44C37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFAC64E9-0DF2-4350-B2A9-225E841CCF74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8691A77-2BD3-4C6B-97BA-C5904149D9DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B22BC770-52AF-44DD-BEC7-B989B8C08717\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1CE91D7-DA1B-4547-B903-A2536E4B3EA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B1078BE-B70C-4419-95AC-68ED4AC56EDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27719DEB-CC36-4DAB-8564-248263F48010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7975F3B-30A9-445B-9D39-8A308670264B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80944B21-FAC3-49A6-878F-173B5A5AD24E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"755456D9-7249-4092-970C-230729E2F856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74804A09-A266-45F3-BB54-73892AD1D22D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08DE4A7C-EEA5-46E5-8604-041B721DC3E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83206370-1606-4D4C-94F2-6B21885ADB6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36AA89DA-AE78-409B-B4FF-B743490F76C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90973C7F-E63D-4C00-BB6A-DA2F796697E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F451B7B3-9272-4184-B18A-87ED6B3D2756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9166D68-CC18-4F53-9DA6-FA10B93E7702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE205B46-5ACF-44B9-877A-FDC67AA7079F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D0FDB23-6A99-4783-871A-CD25E20F044D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DE6A4B2-0445-470B-B18C-2CFEB2A52455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FE2FBE9-5D35-4273-8B83-A400D3A0136D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B11709F3-3F1C-4FC2-9F2D-87951EC04308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F9F3F6-B1AF-423F-9F96-4329589B323A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AECBDFAA-198F-4A47-835A-4E17C090DF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D879D6FD-39D7-4589-8DE7-C8DAAE6F165E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE842A15-D676-4E00-AAD7-1088CE122876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F40845F9-00D8-44F0-8B2E-60094A3D37CE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"0DA89B77-6455-40CD-931E-BB07CD9A3166\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"52350E43-4AB5-45ED-AC31-CC948DB87631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"42856F22-74CD-4278-8EAA-2C6582A7E658\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"B0D8589A-B843-4130-8CC8-3D4C464CDB4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"62016F87-0B15-4D1B-A2AB-FC4769F95DB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"C5125B26-63EE-4FE8-97A1-DC6E11757ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"6AF3BAA0-0AEA-4B96-9C91-E51789844A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"DD5F0850-F34B-4E79-A46D-B74F2E90C43A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"DF23DD7D-16B4-408C-A825-C79487D79A0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"E792D92E-07A1-4E48-90CB-5EC7C99E0AF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"B873D04B-704B-468D-A2B1-8E04653806F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"13C9004B-590A-45F0-8AA9-713928A8F5F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"F22B84B3-438E-4E08-A02D-4A85C0C561B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"3E99B39C-21AF-4F75-8D96-9B69F48C2A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"3C6E80B6-857B-4D53-B107-8667EFCCE0EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"95C7294C-C9D3-40F8-B3C9-40424D5FC124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"66F85747-11AA-4133-B553-3C31152F0781\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"B425D53C-5713-401E-BE30-BCDE54F65857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"758D57BA-3EA6-4036-8BDD-5BA2AAE25F77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"036437B9-1A7F-4C60-B9FE-B38173BC6FAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"408D457F-4DE5-4280-8379-083DA78ECF00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"C9D2B08D-9779-4E80-BAB6-870F81F24F7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"90F47590-6640-494F-8A93-A9AC70459DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"5D1F88E0-4047-4ADE-A898-88FE6358D659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"8647C50B-41CB-45CE-89E7-BB4B2759DE40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"9997C9C6-4918-4B74-92E4-012B58278DEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"33C0370F-77A5-4A51-ABF2-21793CD57043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"4C3C0A88-66F6-46D5-9A79-BEFB654979D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"1EC26CD6-172D-4DBE-8B23-59491E4765E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*\",\"matchCriteriaId\":\"669EA6CA-3F6C-4151-986D-173F1375B32B\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3761\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/bid/95065\",\"source\":\"security_alert@emc.com\"},{\"url\":\"https://pivotal.io/security/cve-2016-9877\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3761\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/95065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pivotal.io/security/cve-2016-9877\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03880en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.