CVE-2019-11287

Description

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v3.0•MEDIUM•Score: 4.5CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 4.60%• Percentile: 89%

Techniques & Countermeasures

• CWE-134•Use of Externally-Controlled Format String

  The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

• CWE-400•Uncontrolled Resource Consumption

  The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

• broadcom•rabbitmq_server

  ≥ 3.8.0, < 3.8.1

• debian•debian_linux

  9.0

• fedoraproject•fedora

  30 | 31

• pivotal_software•rabbitmq

  ≥ 1.16.0, < 1.16.7 | ≥ 1.17.0, < 1.17.4 | ≥ 3.7.0, < 3.7.21

• pivotal•rabbitmq

  ≥ 3.7, < v3.7.21 | ≥ 3.8, < v3.8.1

• pivotal•rabbitmq for pivotal platform

  ≥ 1.16, < 1.16.7 | ≥ 1.17, < 1.17.4

• redhat•openstack

  15

References (6)

• https://pivotal.io/security/cve-2019-11287
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEQ6O7PMNJKYFMQYHAB55L423GYK63SO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/
• https://access.redhat.com/errata/RHSA-2020:0078
• https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin
• https://lists.debian.org/debian-lts-announce/2021/07/msg00011.html