Medium severity6.1NVD Advisory· Published Jun 13, 2017· Updated May 13, 2026

CVE-2017-4967

Description

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Affected products

Broadcom Corporation/Rabbitmq Server11 versions
cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:*:*:*:*:*:*:*
Pivotal Software/Rabbitmq57 versions
cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*+ 56 more
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.debian.org/debian-lts-announce/2021/07/msg00011.htmlnvdThird Party Advisory
pivotal.io/security/cve-2017-4965nvdMitigationVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000