Critical severity9.8NVD Advisory· Published Dec 29, 2016· Updated May 6, 2026
CVE-2016-9877
CVE-2016-9877
Description
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Affected products
76cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- pivotal.io/security/cve-2016-9877nvdMitigationVendor Advisory
- www.debian.org/security/2017/dsa-3761nvd
- www.securityfocus.com/bid/95065nvd
- support.hpe.com/hpsc/doc/public/displaynvd
News mentions
0No linked articles in our index yet.