{"containers": {"cna": {"affected": [{"product": "Pivotal RabbitMQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "Pivotal RabbitMQ"}]}], "datePublic": "2017-06-12T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks."}], "problemTypes": [{"descriptions": [{"description": "XSS vulnerabilities in RabbitMQ management UI", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-19T19:06:16", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"name": "98394", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98394"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://pivotal.io/security/cve-2017-4965"}, {"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "ID": "CVE-2017-4965", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pivotal RabbitMQ", "version": {"version_data": [{"version_value": "Pivotal RabbitMQ"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS vulnerabilities in RabbitMQ management UI"}]}]}, "references": {"reference_data": [{"name": "98394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98394"}, {"name": "https://pivotal.io/security/cve-2017-4965", "refsource": "CONFIRM", "url": "https://pivotal.io/security/cve-2017-4965"}, {"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:43.344Z"}, "title": "CVE Program Container", "references": [{"name": "98394", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98394"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pivotal.io/security/cve-2017-4965"}, {"name": "[debian-lts-announce] 20210719 [SECURITY] [DLA 2710-1] rabbitmq-server security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4965", "datePublished": "2017-06-13T06:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:43.344Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "755456D9-7249-4092-970C-230729E2F856", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "74804A09-A266-45F3-BB54-73892AD1D22D", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "08DE4A7C-EEA5-46E5-8604-041B721DC3E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "83206370-1606-4D4C-94F2-6B21885ADB6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "36AA89DA-AE78-409B-B4FF-B743490F76C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "90973C7F-E63D-4C00-BB6A-DA2F796697E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F451B7B3-9272-4184-B18A-87ED6B3D2756", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "A9166D68-CC18-4F53-9DA6-FA10B93E7702", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "BE205B46-5ACF-44B9-877A-FDC67AA7079F", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "1D0FDB23-6A99-4783-871A-CD25E20F044D", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:rabbitmq_server:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5A315D37-F74F-4EF2-9F47-9639BEBEAB05", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "0DE6A4B2-0445-470B-B18C-2CFEB2A52455", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "0B52805C-6F10-4BCD-AA74-3E0C0FF5E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "5FE2FBE9-5D35-4273-8B83-A400D3A0136D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B11709F3-3F1C-4FC2-9F2D-87951EC04308", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "32F9F3F6-B1AF-423F-9F96-4329589B323A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "AECBDFAA-198F-4A47-835A-4E17C090DF02", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "D879D6FD-39D7-4589-8DE7-C8DAAE6F165E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "CE842A15-D676-4E00-AAD7-1088CE122876", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F40845F9-00D8-44F0-8B2E-60094A3D37CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "3772B181-64DB-43AA-99C1-21378CF91E51", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "0DA89B77-6455-40CD-931E-BB07CD9A3166", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.1:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "52350E43-4AB5-45ED-AC31-CC948DB87631", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "42856F22-74CD-4278-8EAA-2C6582A7E658", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F1C7EE64-A51B-4D02-AAC4-20F4D3FCB110", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B0D8589A-B843-4130-8CC8-3D4C464CDB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "62016F87-0B15-4D1B-A2AB-FC4769F95DB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "7DF99EF7-AFCB-4CA5-8F28-ABC9118612CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "2D9F3D8B-DDB3-4175-AAD7-8F952E9A7D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C5125B26-63EE-4FE8-97A1-DC6E11757ACA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "6AF3BAA0-0AEA-4B96-9C91-E51789844A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "DD5F0850-F34B-4E79-A46D-B74F2E90C43A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.11:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "DF23DD7D-16B4-408C-A825-C79487D79A0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.12:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "E792D92E-07A1-4E48-90CB-5EC7C99E0AF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B873D04B-704B-468D-A2B1-8E04653806F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "13C9004B-590A-45F0-8AA9-713928A8F5F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.15:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F22B84B3-438E-4E08-A02D-4A85C0C561B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.17:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "501A5F31-6DBA-4E90-8BAD-E1DFD0967D0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.18:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "3E99B39C-21AF-4F75-8D96-9B69F48C2A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.5.19:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "0CFACCBF-6C53-4A7F-AC0F-8A2D03E6D6EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "3C6E80B6-857B-4D53-B107-8667EFCCE0EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.1:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "95C7294C-C9D3-40F8-B3C9-40424D5FC124", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "66F85747-11AA-4133-B553-3C31152F0781", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "B425D53C-5713-401E-BE30-BCDE54F65857", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "758D57BA-3EA6-4036-8BDD-5BA2AAE25F77", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "036437B9-1A7F-4C60-B9FE-B38173BC6FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "408D457F-4DE5-4280-8379-083DA78ECF00", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C9D2B08D-9779-4E80-BAB6-870F81F24F7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "90F47590-6640-494F-8A93-A9AC70459DD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "5D1F88E0-4047-4ADE-A898-88FE6358D659", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "8647C50B-41CB-45CE-89E7-BB4B2759DE40", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.12:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4960386C-07D9-4367-945C-278595DB6C0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "A49DCDFA-4D98-4AEC-91A1-612B85DDFB04", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4FEB47ED-5D35-4151-B087-8324339DE5FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.15:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "65A513AD-9236-42D7-9D04-F318A5815640", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.6.16:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "6647F298-1B11-46D8-B68A-6B284BB1F7AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.0:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "9997C9C6-4918-4B74-92E4-012B58278DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.2:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "F6DB5A36-22F9-4A2C-9ED0-68D1434B06D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.3:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "33C0370F-77A5-4A51-ABF2-21793CD57043", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.4:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "4C3C0A88-66F6-46D5-9A79-BEFB654979D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.5:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "1EC26CD6-172D-4DBE-8B23-59491E4765E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.6:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "669EA6CA-3F6C-4151-986D-173F1375B32B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.7:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "69960839-7C03-4542-80D3-5C71795F8159", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.8:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "82CA3E75-AFD0-486A-9EFA-71A8CA780632", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.9:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "921374B4-B99F-4863-99D8-9FD938EF8EF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.10:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "C5344CFC-3100-4407-93E4-65594C3741B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.13:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "06B09408-573D-47A8-BC84-724DD88976E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pivotal_software:rabbitmq:1.7.14:*:*:*:*:pivotal_cloud_foundry:*:*", "matchCriteriaId": "ADF54631-875A-45C4-9C0A-4836AB1F8309", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks."}, {"lang": "es", "value": "Se detect\u00f3 un problema en estas versiones de RabbitMQ de Pivotal: todas las versiones 3.4.x, todas las versiones 3.5.x y versiones 3.6.x anteriores a 3.6.9; y en estas versiones de RabbitMQ de Pivotal para PCF: todas las versiones 1.5.x, versiones 1.6.x anteriores a 1.6.18 y versiones 1.7.x anteriores a 1.7.15. Varios formularios en la interfaz de usuario de administraci\u00f3n de RabbitMQ son vulnerables a los ataques de tipo XSS."}], "id": "CVE-2017-4965", "lastModified": "2025-04-02T14:13:43.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-13T06:29:00.457", "references": [{"source": "security_alert@emc.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98394"}, {"source": "security_alert@emc.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}, {"source": "security_alert@emc.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://pivotal.io/security/cve-2017-4965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://pivotal.io/security/cve-2017-4965"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "rabbitmq: XSS vulnerability in management UI", "id": "1448335", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1448335"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks."], "name": "CVE-2017-4965", "package_state": [{"cpe": "cpe:/a:redhat:openstack:5::el6", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:rhscon:2", "fix_state": "Will not fix", "package_name": "rabbitmq-server", "product_name": "Red Hat Storage Console 2"}], "public_date": "2017-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-4965\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-4965\nhttps://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9"], "statement": "This issue affects rabbitmq-server plugins as shipped with:\n* Red Hat Storage Console 2\n* Red Hat Enterprise Linux OpenStack Platform 5,6,7\n* Red Hat OpenStack Platform 8,9,10,11\nAlthough RabbitMQ plugins are shipped in these products, no plugins are enabled or used by default. \nTo verify your environment's plugin usage, run: \n# rabbitmq-plugins list\nA future update may address this issue. Red Hat Product Security has rated this issue as having Moderate security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}