CVE-2014-9650
Description
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CRLF injection in RabbitMQ management plugin allows remote attackers to inject arbitrary HTTP headers via the download parameter to api/definitions.
Vulnerability
A CRLF injection vulnerability exists in the management plugin of RabbitMQ versions 2.1.0 through 3.4.x prior to 3.4.1. The flaw resides in the /api/definitions endpoint, where the download parameter is not properly sanitized, allowing an attacker to inject arbitrary HTTP headers into the server's response [1][2]. This issue was tracked as bug 26433 in RabbitMQ's issue tracker [2].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request to the management plugin (typically exposed on port 15672). The attacker includes CRLF sequences (e.g., %0d%0a) in the download parameter of a request to /api/definitions. This causes the server to return a response containing the injected headers, enabling HTTP response splitting [1][2]. No special privileges or user interaction are required.
Impact
Successful exploitation allows the attacker to inject arbitrary HTTP headers into the server's response. This can lead to HTTP response splitting attacks, which may be leveraged for cache poisoning, cross-site scripting, or session hijacking. The Red Hat advisory notes that this could potentially allow an attacker to gain access to secure data [1].
Mitigation
The vulnerability is fixed in RabbitMQ version 3.4.1 [2]. Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 received backported patches via RHSA-2016:0308 [1]. Users should upgrade to RabbitMQ 3.4.1 or later, or apply the relevant vendor patches. No workarounds are documented. This CVE is not listed in the Known Exploited Vulnerabilities (KEV) catalog.
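To make the flaw class and the fix concrete, an added example (not RabbitMQ's own code) that assumes the `download` value is reflected into a Content-Disposition filename header, which this page does not state: the naive builder lets a CR LF pair in the value start a new header line, while the hardened builder refuses control characters outright.

```python
"""Added example (not RabbitMQ's code): a header built from an unchecked
query value, beside a hardened builder that refuses control characters.

Assumption (not stated on this page): the 'download' value is reflected into a
Content-Disposition filename header. All inputs below are constructed."""
import re
from typing import List
from urllib.parse import unquote

# HTTP field values may not contain CR, LF or other control characters.
_CTL = re.compile(r"[\x00-\x1f\x7f]")


def naive_response(download: str) -> bytes:
    """Vulnerable pattern: the decoded query value is written into the header verbatim."""
    body = b"{}"
    head = (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: application/json\r\n"
        f"Content-Disposition: attachment; filename={download}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    )
    return head.encode("latin-1") + body


def header_names(raw: bytes) -> List[str]:
    """Return the header names a client would parse from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def safe_filename(download: str) -> str:
    """Hardened: reject control characters and quote the value so neither a
    line break nor a '"' or ';' can alter the header structure."""
    if _CTL.search(download):
        raise ValueError("control character in filename")
    return '"' + download.replace("\\", "\\\\").replace('"', '\\"') + '"'


if __name__ == "__main__":
    # Constructed query value using the %0d%0a encoding mentioned above.
    tainted = unquote("defs.json%0d%0aX-Injected:%201")
    print(header_names(naive_response(tainted)))  # a fourth header appears
    try:
        safe_filename(tainted)
    except ValueError as err:
        print("rejected:", err)
```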
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:broadcom:rabbitmq_server:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*
- Range: >=2.1.0, <=3.4.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.openwall.com/lists/oss-security/2015/01/21/13 (nvd: Mailing List, Third Party Advisory)
- www.rabbitmq.com/release-notes/README-3.4.1.txt (nvd: Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2016-0308.html (nvd)
- www.securityfocus.com/bid/76091 (nvd)
- groups.google.com/forum/ (nvd)
News mentions
No linked articles in our index yet.