https://bugzilla.redhat.com/show_bug.cgi?id=1185515

            Bug ID: 1185515
           Summary: RabbitMQ: /api/definitions response splitting
                    vulnerability
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected],
                    [email protected], [email protected], [email protected],
                    [email protected]
26433 fix response-splitting vulnerability in /api/downloads (since 2.1.0)

Bug 26433 allowed an attacker to craft a URL to /api/definitions that
caused an arbitrary additional header to be returned in the response. This was
fixed by stripping out CR/LF from the "download" query string parameter, so
the value can no longer terminate the header line it is placed in.
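The mitigation described above, shown as an added example that is not RabbitMQ's code (the management plugin is written in Erlang; this is a Python sketch of the same idea). It assumes the endpoint copies the "download" query parameter into a Content-Disposition header; the header builder, the helper names and the sample URL are all constructed for illustration. The unsafe builder is kept beside the hardened one so the single-line check can show the difference.

```python
"""Header sanitization against response splitting (added example).

Assumption: the endpoint places the user-controlled "download" query
parameter into a Content-Disposition header. Any CR or LF in that value
would end the header line, so the hardened builder removes them.
"""
from urllib.parse import parse_qs, urlsplit


def strip_crlf(value: str) -> str:
    """Remove carriage-return and line-feed characters from a header value."""
    return value.replace("\r", "").replace("\n", "")


def content_disposition_unsafe(download_param: str) -> str:
    """The pre-fix behaviour: the parameter is copied into the header as-is."""
    return f'attachment; filename="{download_param}"'


def content_disposition(download_param: str) -> str:
    """The fixed behaviour: CR/LF are stripped before the value is used."""
    return f'attachment; filename="{strip_crlf(download_param)}"'


def headers_for_request(url: str) -> list[tuple[str, str]]:
    """Mimic the endpoint: emit Content-Disposition only when "download" is set.

    parse_qs percent-decodes the query, so %0D%0A arrives here as "\r\n",
    exactly the case the sanitizer must handle.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    headers = [("Content-Type", "application/json")]
    if "download" in query:
        headers.append(("Content-Disposition", content_disposition(query["download"][0])))
    return headers


def is_single_line(headers: list[tuple[str, str]]) -> bool:
    """Defensive check usable in tests or middleware: no header name or value
    may contain a CR or LF, otherwise the response could be split."""
    return all(
        "\r" not in name and "\n" not in name and "\r" not in value and "\n" not in value
        for name, value in headers
    )


if __name__ == "__main__":
    # Constructed sample URL: the filename carries an encoded CR/LF.
    sample = "http://broker.example/api/definitions?download=defs.json%0D%0Aextra"
    for name, value in headers_for_request(sample):
        print(f"{name}: {value!r}")
    print("single line:", is_single_line(headers_for_request(sample)))
```

Stripping matches what the upstream fix does; a stricter variant would reject the request outright when the parameter contains control characters, which makes the attempt visible in access logs instead of silently normalizing it.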

Upstream patches:
http://hg.rabbitmq.com/rabbitmq-management/rev/dceba16cc105

References:
https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
erlang mailing list
[email protected]
https://lists.fedoraproject.org/mailman/listinfo/erlang