CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11287

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 73.3%

CVSS Severity

CVSS v3 Score 4.5

CVSS v2 Score 5.0

References

Products affected by CVE-2019-11287

Broadcom » Rabbitmq Server » Version: 3.8.0

cpe:2.3:a:broadcom:rabbitmq_server:3.8.0
Pivotal Software » Rabbitmq » Version: 1.16.0

cpe:2.3:a:pivotal_software:rabbitmq:1.16.0
Pivotal Software » Rabbitmq » Version: 1.16.1.3

cpe:2.3:a:pivotal_software:rabbitmq:1.16.1.3
Pivotal Software » Rabbitmq » Version: 1.16.3

cpe:2.3:a:pivotal_software:rabbitmq:1.16.3
Pivotal Software » Rabbitmq » Version: 1.16.4

cpe:2.3:a:pivotal_software:rabbitmq:1.16.4
Pivotal Software » Rabbitmq » Version: 1.16.5

cpe:2.3:a:pivotal_software:rabbitmq:1.16.5
Pivotal Software » Rabbitmq » Version: 1.16.6

cpe:2.3:a:pivotal_software:rabbitmq:1.16.6
Pivotal Software » Rabbitmq » Version: 1.17.0

cpe:2.3:a:pivotal_software:rabbitmq:1.17.0
Pivotal Software » Rabbitmq » Version: 1.17.1

cpe:2.3:a:pivotal_software:rabbitmq:1.17.1
Pivotal Software » Rabbitmq » Version: 1.17.3

cpe:2.3:a:pivotal_software:rabbitmq:1.17.3
Pivotal Software » Rabbitmq » Version: 3.7.0

cpe:2.3:a:pivotal_software:rabbitmq:3.7.0
Pivotal Software » Rabbitmq » Version: 3.7.1

cpe:2.3:a:pivotal_software:rabbitmq:3.7.1
Pivotal Software » Rabbitmq » Version: 3.7.10

cpe:2.3:a:pivotal_software:rabbitmq:3.7.10
Pivotal Software » Rabbitmq » Version: 3.7.11

cpe:2.3:a:pivotal_software:rabbitmq:3.7.11
Pivotal Software » Rabbitmq » Version: 3.7.12

cpe:2.3:a:pivotal_software:rabbitmq:3.7.12
Pivotal Software » Rabbitmq » Version: 3.7.13

cpe:2.3:a:pivotal_software:rabbitmq:3.7.13
Pivotal Software » Rabbitmq » Version: 3.7.14

cpe:2.3:a:pivotal_software:rabbitmq:3.7.14
Pivotal Software » Rabbitmq » Version: 3.7.15

cpe:2.3:a:pivotal_software:rabbitmq:3.7.15
Pivotal Software » Rabbitmq » Version: 3.7.16

cpe:2.3:a:pivotal_software:rabbitmq:3.7.16
Pivotal Software » Rabbitmq » Version: 3.7.17

cpe:2.3:a:pivotal_software:rabbitmq:3.7.17
Pivotal Software » Rabbitmq » Version: 3.7.18

cpe:2.3:a:pivotal_software:rabbitmq:3.7.18
Pivotal Software » Rabbitmq » Version: 3.7.19

cpe:2.3:a:pivotal_software:rabbitmq:3.7.19
Pivotal Software » Rabbitmq » Version: 3.7.2

cpe:2.3:a:pivotal_software:rabbitmq:3.7.2
Pivotal Software » Rabbitmq » Version: 3.7.20

cpe:2.3:a:pivotal_software:rabbitmq:3.7.20
Pivotal Software » Rabbitmq » Version: 3.7.3

cpe:2.3:a:pivotal_software:rabbitmq:3.7.3
Pivotal Software » Rabbitmq » Version: 3.7.4

cpe:2.3:a:pivotal_software:rabbitmq:3.7.4
Pivotal Software » Rabbitmq » Version: 3.7.5

cpe:2.3:a:pivotal_software:rabbitmq:3.7.5
Pivotal Software » Rabbitmq » Version: 3.7.6

cpe:2.3:a:pivotal_software:rabbitmq:3.7.6
Pivotal Software » Rabbitmq » Version: 3.7.7

cpe:2.3:a:pivotal_software:rabbitmq:3.7.7
Pivotal Software » Rabbitmq » Version: 3.7.8

cpe:2.3:a:pivotal_software:rabbitmq:3.7.8
Pivotal Software » Rabbitmq » Version: 3.7.9

cpe:2.3:a:pivotal_software:rabbitmq:3.7.9
Redhat » Openstack » Version: 15

cpe:2.3:a:redhat:openstack:15
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0
Fedoraproject » Fedora » Version: 30

cpe:2.3:o:fedoraproject:fedora:30
Fedoraproject » Fedora » Version: 31

cpe:2.3:o:fedoraproject:fedora:31

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11287

Products

Pricing

Contact Us