Security Advisory

CVE-2019-11287

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-11-22 23:26:08

Last updated 2024-09-16 22:24:51

Assigner pivotal

State PUBLISHED

Description

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

← Browse all CVEs View on cve.org ↗