Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0240)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0240

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0240)

Resumen: The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory.

Descripción: Summary:
The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory.

Vulnerability Insight:
Updated rabbitmq-server package fixes security vulnerabilities:

RabbitMQ before 3.4.1 does not prevent /api/* from returning text/html error
messages which could act as an XSS vector (CVE-2014-9649).

RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads
(CVE-2014-9650).

In RabbitMQ before 3.4.3, some user-controllable content was not properly
HTML-escaped before being presented to a user in the management web UI.
An attacker could publish a specially crafted message, policy name, or client
version to execute arbitrary Javascript code on behalf of a user who was
viewing messages, policies, or connected clients in the management UI. In all
cases, the attacker needs a valid user account on the targeted RabbitMQ
cluster (CVE-2015-0862).

The rabbitmq-server package has been updated to version 3.5.3, fixing these
issues and several other bugs.

Affected Software/OS:
'rabbitmq-server' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0862
XForce ISS Database: ibm-rationalclm-cve20140862-rce(90895)
https://exchange.xforce.ibmcloud.com/vulnerabilities/90895
Common Vulnerability Exposure (CVE) ID: CVE-2014-9649
BugTraq ID: 76084
http://www.securityfocus.com/bid/76084
http://www.openwall.com/lists/oss-security/2015/01/21/13
RedHat Security Advisories: RHSA-2016:0308
http://rhn.redhat.com/errata/RHSA-2016-0308.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-9650
BugTraq ID: 76091
http://www.securityfocus.com/bid/76091

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0240
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0240)
Resumen:	The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory.
Descripción:	Summary: The remote host is missing an update for the 'rabbitmq-server' package(s) announced via the MGASA-2015-0240 advisory. Vulnerability Insight: Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/* from returning text/html error messages which could act as an XSS vector (CVE-2014-9649). RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads (CVE-2014-9650). In RabbitMQ before 3.4.3, some user-controllable content was not properly HTML-escaped before being presented to a user in the management web UI. An attacker could publish a specially crafted message, policy name, or client version to execute arbitrary Javascript code on behalf of a user who was viewing messages, policies, or connected clients in the management UI. In all cases, the attacker needs a valid user account on the targeted RabbitMQ cluster (CVE-2015-0862). The rabbitmq-server package has been updated to version 3.5.3, fixing these issues and several other bugs. Affected Software/OS: 'rabbitmq-server' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0862 XForce ISS Database: ibm-rationalclm-cve20140862-rce(90895) https://exchange.xforce.ibmcloud.com/vulnerabilities/90895 Common Vulnerability Exposure (CVE) ID: CVE-2014-9649 BugTraq ID: 76084 http://www.securityfocus.com/bid/76084 http://www.openwall.com/lists/oss-security/2015/01/21/13 RedHat Security Advisories: RHSA-2016:0308 http://rhn.redhat.com/errata/RHSA-2016-0308.html Common Vulnerability Exposure (CVE) ID: CVE-2014-9650 BugTraq ID: 76091 http://www.securityfocus.com/bid/76091
Copyright	Copyright (C) 2022 Greenbone AG