Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0240)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2015.0240

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0240)

Zusammenfassung: The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory.

Vulnerability Insight:
Updated rabbitmq-server package fixes security vulnerabilities:

RabbitMQ before 3.4.1 does not prevent /api/* from returning text/html error
messages which could act as an XSS vector (CVE-2014-9649).

RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads
(CVE-2014-9650).

In RabbitMQ before 3.4.3, some user-controllable content was not properly
HTML-escaped before being presented to a user in the management web UI.
An attacker could publish a specially crafted message, policy name, or client
version to execute arbitrary Javascript code on behalf of a user who was
viewing messages, policies, or connected clients in the management UI. In all
cases, the attacker needs a valid user account on the targeted RabbitMQ
cluster (CVE-2015-0862).

The rabbitmq-server package has been updated to version 3.5.3, fixing these
issues and several other bugs.

Affected Software/OS:
'rabbitmq-server' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-0862
XForce ISS Database: ibm-rationalclm-cve20140862-rce(90895)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90895
Common Vulnerability Exposure (CVE) ID: CVE-2014-9649
BugTraq ID: 76084
http://www.securityfocus.com/bid/76084
http://www.openwall.com/lists/oss-security/2015/01/21/13
RedHat Security Advisories: RHSA-2016:0308
http://rhn.redhat.com/errata/RHSA-2016-0308.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9650
BugTraq ID: 76091
http://www.securityfocus.com/bid/76091

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0240
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0240)
Zusammenfassung:	The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory. Vulnerability Insight: Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/* from returning text/html error messages which could act as an XSS vector (CVE-2014-9649). RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads (CVE-2014-9650). In RabbitMQ before 3.4.3, some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI. An attacker could publish a specially crafted message, policy name, or client version to execute arbitrary Javascript code on behalf of a user who was viewing messages, policies, or connected clients in the management UI. In all cases, the attacker needs a valid user account on the targeted RabbitMQ cluster (CVE-2015-0862). The rabbitmq-server package has been updated to version 3.5.3, fixing these issues and several other bugs. Affected Software/OS: 'rabbitmq-server' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0862 XForce ISS Database: ibm-rationalclm-cve20140862-rce(90895) https://exchange.xforce.ibmcloud.com/vulnerabilities/90895 Common Vulnerability Exposure (CVE) ID: CVE-2014-9649 BugTraq ID: 76084 http://www.securityfocus.com/bid/76084 http://www.openwall.com/lists/oss-security/2015/01/21/13 RedHat Security Advisories: RHSA-2016:0308 http://rhn.redhat.com/errata/RHSA-2016-0308.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9650 BugTraq ID: 76091 http://www.securityfocus.com/bid/76091
Copyright	Copyright (C) 2022 Greenbone AG