Debian LTS
July 19, 2021
Debian LTS has released a security update for rabbitmq-server that fixes several cross-site scripting (XSS) flaws in the management UI, a weakness in how the UI stores signed-in user credentials, and a remotely triggerable server crash. Users running the affected package are advised to update promptly.
Several vulnerabilities were discovered in rabbitmq-server, a message broker.

Summary

CVE-2017-4965

Several forms in the RabbitMQ management UI are vulnerable to XSS
attacks.

CVE-2017-4966

RabbitMQ management UI stores signed-in user credentials in a
browser's local storage without expiration, making it possible to
retrieve them using a chained attack

CVE-2017-4967

Several forms in the RabbitMQ management UI are vulnerable to XSS
attacks.

CVE-2019-11281

The virtual host limits page and the federation management UI do not
properly sanitize user input. A remote authenticated malicious user
with administrative access could craft a cross-site scripting attack
that would gain access to virtual hosts and policy management
information.

CVE-2019-11287

The "X-Reason" HTTP Header can be leveraged to insert a malicious
Erlang format string that will expand and consume the heap,
resulting in the server crashing.

CVE-2021-22116

A malicious user can exploit the vulnerability by sending

Severity: Critical

Package: rabbitmq-server
Fixed version: 3.6.6-1+deb9u1
CVE ID: CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 CVE-2019-11281 CVE-2019-11287 CVE-2021-22116
