Pivotal Software RabbitMQ 3.6.0
Approved changes feed: RSS · Atom
cpe:2.3:a:pivotal_software:rabbitmq:3.6.0:*:*:*:*:*:*:*
part: a version: 3.6.0 update: *
| Vendor | Pivotal Software (a7eef617-cad9-5400-bbf0-2e56b16d90a7) |
|---|---|
| Product | Rabbitmq (dd2f239b-e32d-54ca-881b-95473b581309) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/rabbitmq-server |
purl2cpe | 2026-06-01 10:11:00.683425 |
pkg:github/rabbitmq/rabbitmq-server |
purl2cpe | 2026-06-01 10:11:00.683427 |
pkg:rpm/fedora/rabbitmq-server |
purl2cpe | 2026-06-01 10:11:00.683428 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-4967 |
vulnerable | 2026-06-03 14:37:18.139175 |
Details available
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
Published: 2017-06-13T06:00:00.000Z
Updated: 2024-08-05T14:47:43.349Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-4966 |
vulnerable | 2026-06-03 14:37:18.136864 |
Details available
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
Published: 2017-06-13T06:00:00.000Z
Updated: 2024-08-05T14:47:44.070Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-4965 |
vulnerable | 2026-06-03 14:37:18.094372 |
Details available
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
Published: 2017-06-13T06:00:00.000Z
Updated: 2024-08-05T14:47:43.344Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-9877 |
vulnerable | 2026-06-03 14:36:17.710776 |
Details available
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Published: 2016-12-29T09:02:00.000Z
Updated: 2024-08-06T03:07:30.822Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8786 |
vulnerable | 2026-06-03 14:35:12.903588 |
Details available
The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.
Published: 2016-12-09T20:00:00.000Z
Updated: 2024-08-06T08:29:21.993Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.