{"containers": {"cna": {"affected": [{"product": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7", "vendor": "n/a", "versions": [{"status": "affected", "version": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7"}]}], "datePublic": "2016-12-29T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."}], "problemTypes": [{"descriptions": [{"description": "RabbitMQ authentication vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-21T09:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us"}, {"name": "95065", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95065"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2016-9877"}, {"name": "DSA-3761", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3761"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2016-9877", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7", "version": {"version_data": [{"version_value": "Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6; RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12 and 1.7.x before 1.7.7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "RabbitMQ authentication vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us"}, {"name": "95065", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95065"}, {"name": "https://pivotal.io/security/cve-2016-9877", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2016-9877"}, {"name": "DSA-3761", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3761"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:07:30.822Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us"}, {"name": "95065", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95065"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2016-9877"}, {"name": "DSA-3761", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3761"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2016-9877", "datePublished": "2016-12-29T09:02:00", "dateReserved": "2016-12-06T00:00:00", "dateUpdated": "2024-08-06T03:07:30.822Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "06A7CF1B-B1AF-4875-B744-33BBC5275B4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "092649A0-17AA-47EE-8684-7B2B6AE19870", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E503CE6E-12B0-4307-86A8-86346E856738", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "29CB62E6-AAC1-43B6-9A34-C138890F4B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A0D97FB5-0189-45ED-8239-0E3C238F7C96", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6DF9A027-4AA8-451D-B26E-3597F8513B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F48BA73-6453-498F-B33F-B630791BD41D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8D7AE34E-A49F-47E0-80A3-E7CA8771EE18", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B112A955-8FCC-4C17-90F2-13D7755CC397", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "8B8C9320-CF79-4B9A-9370-CE2EEDA848CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E67B22C7-BD10-481C-B686-DB626B6E6434", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B735947D-3A98-45D2-A37D-560FD387B85B", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "502AEBAA-CB1B-403A-B9F4-37FF027B892D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B9EB256-80BF-4F63-8A80-0E7643DAC91D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F666302C-7D25-4230-B835-2B8852CD53F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "B5A67824-47C5-494D-B8A8-7C7EDE51F979", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6530EC3A-9B67-41F2-B450-D0A8BB744AB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "B23B1DC5-BB23-4C29-9B03-7AF5E7A33050", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9677B53-A3D8-47DE-9BA5-4ACF5ED2F24D", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C9D13DF-807D-4E22-85A3-1674DFC570E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "9713A545-2BC0-4761-90A2-F80575A99302", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "16967835-4E17-4260-B7FD-9A85B5BE43DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B58103B8-6CD1-4DA6-B5A3-D1289B95A951", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F57DA292-66F8-4BE5-AD3B-C4400D6D1A42", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "385A9C6F-7933-4681-985E-31D7CED8B0FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6D7EC8A4-16CB-451F-B70B-BE232F1BCAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "3BBF7FB2-3D52-45BE-813A-6F73DFAF9EC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "76B241B7-DE7C-4F95-A742-164020FCAED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "09429E70-C395-4E95-9C83-5BDC8083C0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9432656B-DB94-4E5F-83CB-38A9DA4FCA74", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "37CD714F-30CD-4254-AF41-DEBEA9053706", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:rabbitmq:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "EEC4C125-7594-4960-BF88-977D3A95D6BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."}, {"lang": "es", "value": "Un problema fue descubierto en Pivotal RabbitMQ 3.x en versiones anteriores a 3.5.8 y 3.6.x en versiones anteriores a 3.6.6 y RabbitMQ for PCF 1.5.x en versiones anteriores a 1.5.20, 1.6.x en versiones anteriores a 1.6.12 y 1.7.x en versiones anteriores a 1.7.7. Autenticaci\u00f3n de conexi\u00f3n MQTT (MQ Telemetry Transport) con un nombre de usuario/contrase\u00f1a tiene \u00e9xito si se provee un nombre de usuario existente pero la contrase\u00f1a es omitida de la petici\u00f3n de conexi\u00f3n. Conexiones que usan TLS con un certificado provisto por el cliente no est\u00e1n afectadas."}], "id": "CVE-2016-9877", "lastModified": "2024-11-21T03:01:56.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-29T09:59:00.790", "references": [{"source": "security_alert@emc.com", "url": "http://www.debian.org/security/2017/dsa-3761"}, {"source": "security_alert@emc.com", "url": "http://www.securityfocus.com/bid/95065"}, {"source": "security_alert@emc.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-9877"}, {"source": "security_alert@emc.com", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/95065"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://pivotal.io/security/cve-2016-9877"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03880en_us"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rabbitmq: MQTT connection authentication succeeds with empty password", "id": "1409748", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409748"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-287", "details": ["An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected."], "name": "CVE-2016-9877", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6"}, {"cpe": "cpe:/a:redhat:openstack:5::el7", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:rhscon:2", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Storage Console 2"}], "public_date": "2016-12-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9877\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9877\nhttps://pivotal.io/security/cve-2016-9877"], "threat_severity": "Moderate", "upstream_fix": "RabbitMQ 3.5.8, RabbitMQ 3.6.6"}