Medium severity 6.1 · NVD Advisory · Published Jun 13, 2017 · Updated Jun 17, 2026
CVE-2017-4967
Description
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
Affected products
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*
osv-coords (31 versions):
- pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/crowbar-ha&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/keepalived&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/memcached&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/monasca-installer&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-dashboard-theme-SUSE&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/openstack-tempest&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-psql2mysql&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-psutil&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/python-waitress&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/rabbitmq-server&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/rubygem-activeresource&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/rubygem-json-1_7&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/rubygem-puma&distro=SUSE%20OpenStack%20Cloud%207
- pkg:rpm/suse/zookeeper&distro=SUSE%20OpenStack%20Cloud%207

Version ranges:
- (no CPE)range: < 2.2.3.0-12.2
- (no CPE)range: < 4.0+git.1580209654.1d112d31f-9.66.5
- (no CPE)range: < 4.0+git.1585316203.d6ad2c8-4.52.4
- (no CPE)range: < 4.0+git.1589804581.9972163f0-9.71.4
- (no CPE)range: < 4.6.5-1.14.1
- (no CPE)range: < 2.0.19-1.8.1
- (no CPE)range: < 4.6.3-5.1
- (no CPE)range: < 1.5.17-3.6.1
- (no CPE)range: < 20180608_12.47-12.1
- (no CPE)range: < 2016.2-5.12.4
- (no CPE)range: < 3.0.1~dev30-4.12.2
- (no CPE)range: < 3.0.1~dev30-4.12.3
- (no CPE)range: < 9.0.2~dev5-4.9.3
- (no CPE)range: < 9.0.2~dev5-4.9.4
- (no CPE)range: < 14.0.11~dev13-4.40.2
- (no CPE)range: < 14.0.11~dev13-4.40.2
- (no CPE)range: < 12.2.1~a0~dev177-4.9.1
- (no CPE)range: < 1.8.19-3.23.1
- (no CPE)range: < 2.8.1-4.12.1
- (no CPE)range: < 0.5.0+git.1589351878.4ef877c-1.12.1
- (no CPE)range: < 1.2.1-21.1
- (no CPE)range: < 1.8.1-11.12.1
- (no CPE)range: < 4.0.2-3.17.1
- (no CPE)range: < 1.4.3-3.3.1
- (no CPE)range: < 3.4.4-3.16.1
- (no CPE)range: < 7.20180803-3.18.3
- (no CPE)range: < 4.0.0-3.3.1
- (no CPE)range: < 3.9.2-7.20.1
- (no CPE)range: < 1.7.7-3.3.1
- (no CPE)range: < 2.16.0-4.6.1
- (no CPE)range: < 3.4.10-6.1
References
- lists.debian.org/debian-lts-announce/2021/07/msg00011.html (nvd: Third Party Advisory)
- pivotal.io/security/cve-2017-4965 (nvd: Mitigation, Vendor Advisory)