Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0078 advisory.

    RabbitMQ is an implementation of AMQP, the emerging standard for high     performance enterprise messaging. The RabbitMQ server is a robust and     scalable implementation of an AMQP broker.

    Security Fix(es):

    * X-Reason HTTP Header can be leveraged to insert a malicious string     leading to DoS (CVE-2019-11287)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2710 advisory.

  - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and     3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions     prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are     vulnerable to XSS attacks. (CVE-2017-4965, CVE-2017-4967)

  - An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and     3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions     prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user     credentials in a browser's local storage without expiration, making it possible to retrieve them using a     chained attack. (CVE-2017-4966)

  - Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13,     versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual     host limits page, and the federation management UI, which do not properly sanitize user input. A remote     authenticated malicious user with administrative access could craft a cross site scripting attack that     would gain access to virtual hosts and policy management information. (CVE-2019-11281)

  - Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal     Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management     plugin that is vulnerable to a denial of service attack. The X-Reason HTTP Header can be leveraged to     insert a malicious Erlang format string that will expand and consume the heap, resulting in the server     crashing. (CVE-2019-11287)

  - RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input     validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by     sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
    (CVE-2021-22116)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5004-1 advisory.

    It was discovered that RabbitMQ incorrectly handled certain inputs. An attacker could possibly use this     issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 LTS.
    (CVE-2019-11287)

    Jonathan Knudsen discovered RabbitMQ incorrectly handled certain inputs. An attacker could possibly use     this issue to cause a denial of service. (CVE-2021-22116)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The 'X-Reason' HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

- RabbitMQ ver. 3.7.22

  - CVE-2019-11281

  - CVE-2019-11287

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
170311	RHEL 8 : rabbitmq-server (RHSA-2020:0078)	Nessus	Red Hat Local Security Checks	medium
152075	Debian DLA-2710-1 : rabbitmq-server - LTS security update	Nessus	Debian Local Security Checks	high
150995	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : RabbitMQ vulnerabilities (USN-5004-1)	Nessus	Ubuntu Local Security Checks	high
144632	Pivotal RabbitMQ 3.7.x < 3.7.21 / 3.8.x < 3.8.1 Denial of Service	Nessus	Misc.	high
131793	Fedora 30 : rabbitmq-server (2019-74d2feb5be)	Nessus	Fedora Local Security Checks	medium
131790	Fedora 31 : rabbitmq-server (2019-6497f51791)	Nessus	Fedora Local Security Checks	medium

Detections

Analytics

CVE-2019-11287

high

Tenable Plugins

medium

high

high

high

medium

medium