CVE-2019-11287 MEDIUM

CVE-2019-11287: RabbitMQ Web Management Plugin DoS via heap overflow

Vendor Pivotal
Product RabbitMQ for Pivotal Platform
Weakness CWE-400
Published November 22, 2019
Last update September 16, 2024

CVSS base score

4.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Scope Unchanged
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

Description

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Key dates

Disclosure timeline

November 22, 2019 CVE published
September 16, 2024 Record updated