CVE-2015-8786

Published: 9 December 2016

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
rabbitmq-server Launchpad, Ubuntu, Debian	artful	Not vulnerable (3.6.6-1)
	bionic	Not vulnerable (3.6.6-1)
	cosmic	Not vulnerable (3.6.6-1)
	disco	Not vulnerable (3.6.6-1)
	eoan	Not vulnerable (3.6.6-1)
	focal	Not vulnerable (3.6.6-1)
	groovy	Not vulnerable (3.6.6-1)
	hirsute	Not vulnerable (3.6.6-1)
	impish	Not vulnerable (3.6.6-1)
	jammy	Not vulnerable (3.6.6-1)
	kinetic	Not vulnerable (3.6.6-1)
	precise	Does not exist (precise was not-affected)
	trusty	Does not exist (trusty was needed)
	upstream	Needs triage
	xenial	Needed
	yakkety	Ignored (reached end-of-life)
	zesty	Not vulnerable (3.6.6-1)

References

Bugs

https://github.com/rabbitmq/rabbitmq-management/issues/97

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›