VYPR
High severityNVD Advisory· Published Nov 22, 2019· Updated Sep 16, 2024

RabbitMQ Web Management Plugin DoS via heap overflow

CVE-2019-11287

Description

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
RabbitMQHex
>= 3.7.0, < 3.7.213.7.21
RabbitMQHex
>= 3.8.0, < 3.8.13.8.1
RabbitMQHex
< 1.16.71.16.7
RabbitMQHex
>= 1.17.0, < 1.17.41.17.4

Affected products

54

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.