- CVEs with nessus.description==According to its self-reported version, the version of Pivotal RabbitMQ running on the remote web server is 3.4.x, 3.5.x, or 3.6.x prior to 3.6.9. It is, therefore, affected by multiple vulnerabilities :
- Multiple cross-site scripting (XSS) vulnerabilities exist in the Management user interface due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-4965, CVE-2017-4967)
- An information disclosure vulnerability exists in credential caching due to credentials being cached locally in the browser and not expiring. A local attacker can exploit this, via a chained attack, to disclose user credentials. (CVE-2017-4966)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |