CVE-2017-4965

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
broadcomrabbitmq_server
3.4.0
broadcomrabbitmq_server
3.4.1
broadcomrabbitmq_server
3.4.2
broadcomrabbitmq_server
3.4.3
broadcomrabbitmq_server
3.4.4
broadcomrabbitmq_server
3.5.0
broadcomrabbitmq_server
3.5.1
broadcomrabbitmq_server
3.5.2
broadcomrabbitmq_server
3.5.3
broadcomrabbitmq_server
3.5.6
broadcomrabbitmq_server
3.6.7
pivotal_softwarerabbitmq
3.5.4
pivotal_softwarerabbitmq
3.5.5
pivotal_softwarerabbitmq
3.5.7
pivotal_softwarerabbitmq
3.6.0
pivotal_softwarerabbitmq
3.6.1
pivotal_softwarerabbitmq
3.6.2
pivotal_softwarerabbitmq
3.6.3
pivotal_softwarerabbitmq
3.6.4
pivotal_softwarerabbitmq
3.6.5
pivotal_softwarerabbitmq
3.6.6
pivotal_softwarerabbitmq
1.5.0
pivotal_softwarerabbitmq
1.5.1
pivotal_softwarerabbitmq
1.5.2
pivotal_softwarerabbitmq
1.5.3
pivotal_softwarerabbitmq
1.5.4
pivotal_softwarerabbitmq
1.5.5
pivotal_softwarerabbitmq
1.5.6
pivotal_softwarerabbitmq
1.5.7
pivotal_softwarerabbitmq
1.5.8
pivotal_softwarerabbitmq
1.5.9
pivotal_softwarerabbitmq
1.5.10
pivotal_softwarerabbitmq
1.5.11
pivotal_softwarerabbitmq
1.5.12
pivotal_softwarerabbitmq
1.5.13
pivotal_softwarerabbitmq
1.5.14
pivotal_softwarerabbitmq
1.5.15
pivotal_softwarerabbitmq
1.5.17
pivotal_softwarerabbitmq
1.5.18
pivotal_softwarerabbitmq
1.5.19
pivotal_softwarerabbitmq
1.6.0
pivotal_softwarerabbitmq
1.6.1
pivotal_softwarerabbitmq
1.6.2
pivotal_softwarerabbitmq
1.6.3
pivotal_softwarerabbitmq
1.6.4
pivotal_softwarerabbitmq
1.6.5
pivotal_softwarerabbitmq
1.6.6
pivotal_softwarerabbitmq
1.6.7
pivotal_softwarerabbitmq
1.6.8
pivotal_softwarerabbitmq
1.6.9
pivotal_softwarerabbitmq
1.6.10
pivotal_softwarerabbitmq
1.6.12
pivotal_softwarerabbitmq
1.6.13
pivotal_softwarerabbitmq
1.6.14
pivotal_softwarerabbitmq
1.6.15
pivotal_softwarerabbitmq
1.6.16
pivotal_softwarerabbitmq
1.7.0
pivotal_softwarerabbitmq
1.7.2
pivotal_softwarerabbitmq
1.7.3
pivotal_softwarerabbitmq
1.7.4
pivotal_softwarerabbitmq
1.7.5
pivotal_softwarerabbitmq
1.7.6
pivotal_softwarerabbitmq
1.7.7
pivotal_softwarerabbitmq
1.7.8
pivotal_softwarerabbitmq
1.7.9
pivotal_softwarerabbitmq
1.7.10
pivotal_softwarerabbitmq
1.7.13
pivotal_softwarerabbitmq
1.7.14
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rabbitmq-server
bullseye (security)
3.8.9-3+deb11u1
fixed
bullseye
3.8.9-3+deb11u1
fixed
jessie
no-dsa
wheezy
no-dsa
bookworm
3.10.8-1.1+deb12u1
fixed
bookworm (security)
3.10.8-1.1+deb12u1
fixed
sid
3.10.8-3
fixed
trixie
3.10.8-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rabbitmq-server
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
ignored
yakkety
ignored
xenial
needed
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/98394
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
https://pivotal.io/security/cve-2017-4965
http://www.securityfocus.com/bid/98394
https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html
https://pivotal.io/security/cve-2017-4965