What is the severity of CVE-2014-9649?

CVE-2014-9649 is classified as a medium severity vulnerability due to the potential for cross-site scripting attacks.

How do I fix CVE-2014-9649?

To fix CVE-2014-9649, upgrade your RabbitMQ installation to version 3.4.1 or later.

What versions of RabbitMQ are affected by CVE-2014-9649?

CVE-2014-9649 affects RabbitMQ versions from 2.1.0 up to 3.4.0.

What type of vulnerability is CVE-2014-9649?

CVE-2014-9649 is a cross-site scripting (XSS) vulnerability found in the RabbitMQ management plugin.

Can CVE-2014-9649 be exploited remotely?

Yes, CVE-2014-9649 can be exploited remotely by attackers through crafted requests to the RabbitMQ API.

Vulnerability/
CVE-2014-9649

medium

4.3

CWE

27/1/2015

17/3/2022

CVE-2014-9649: XSS

First published: Tue Jan 27 2015(Updated: )

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

Credit: security@ubuntu.com

Affected Software	Affected Version	How to fix
RabbitMQ (Pivotal Software)	=2.1.0
RabbitMQ (Pivotal Software)	=2.1.1
RabbitMQ (Pivotal Software)	=2.2.0
RabbitMQ (Pivotal Software)	=2.3.0
RabbitMQ (Pivotal Software)	=2.3.1
RabbitMQ (Pivotal Software)	=2.4.0
RabbitMQ (Pivotal Software)	=2.4.1
RabbitMQ (Pivotal Software)	=2.5.0
RabbitMQ (Pivotal Software)	=2.5.1
RabbitMQ (Pivotal Software)	=2.6.0
RabbitMQ (Pivotal Software)	=2.6.1
RabbitMQ (Pivotal Software)	=2.7.0
RabbitMQ (Pivotal Software)	=2.7.1
RabbitMQ (Pivotal Software)	=2.8.0
RabbitMQ (Pivotal Software)	=2.8.1
RabbitMQ (Pivotal Software)	=2.8.2
RabbitMQ (Pivotal Software)	=2.8.3
RabbitMQ (Pivotal Software)	=2.8.4
RabbitMQ (Pivotal Software)	=2.8.5
RabbitMQ (Pivotal Software)	=2.8.6
RabbitMQ (Pivotal Software)	=2.8.7
RabbitMQ (Pivotal Software)	=3.0.0
RabbitMQ (Pivotal Software)	=3.0.1
RabbitMQ (Pivotal Software)	=3.0.2
RabbitMQ (Pivotal Software)	=3.0.3
RabbitMQ (Pivotal Software)	=3.0.4
RabbitMQ (Pivotal Software)	=3.1.0
RabbitMQ (Pivotal Software)	=3.1.1
RabbitMQ (Pivotal Software)	=3.1.2
RabbitMQ (Pivotal Software)	=3.1.3
RabbitMQ (Pivotal Software)	=3.1.4
RabbitMQ (Pivotal Software)	=3.1.5
RabbitMQ (Pivotal Software)	=3.2.0
RabbitMQ (Pivotal Software)	=3.2.1
RabbitMQ (Pivotal Software)	=3.2.2
RabbitMQ (Pivotal Software)	=3.2.3
RabbitMQ (Pivotal Software)	=3.2.4
RabbitMQ (Pivotal Software)	=3.3.0
RabbitMQ (Pivotal Software)	=3.3.1
RabbitMQ (Pivotal Software)	=3.3.2
RabbitMQ (Pivotal Software)	=3.3.3
RabbitMQ (Pivotal Software)	=3.3.4
RabbitMQ (Pivotal Software)	=3.3.5
RabbitMQ (Pivotal Software)	=3.4.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9649?
CVE-2014-9649 is classified as a medium severity vulnerability due to the potential for cross-site scripting attacks.
How do I fix CVE-2014-9649?
To fix CVE-2014-9649, upgrade your RabbitMQ installation to version 3.4.1 or later.
What versions of RabbitMQ are affected by CVE-2014-9649?
CVE-2014-9649 affects RabbitMQ versions from 2.1.0 up to 3.4.0.
What type of vulnerability is CVE-2014-9649?
CVE-2014-9649 is a cross-site scripting (XSS) vulnerability found in the RabbitMQ management plugin.
Can CVE-2014-9649 be exploited remotely?
Yes, CVE-2014-9649 can be exploited remotely by attackers through crafted requests to the RabbitMQ API.

agent/tags
agent/event
agent/severity
agent/weakness
agent/author
agent/references
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
vendor/vmware
canonical/rabbitmq (pivotal software)
version/rabbitmq (pivotal software)/2.1.0
version/rabbitmq (pivotal software)/2.1.1
version/rabbitmq (pivotal software)/2.2.0
version/rabbitmq (pivotal software)/2.3.0
version/rabbitmq (pivotal software)/2.3.1
version/rabbitmq (pivotal software)/2.4.0
version/rabbitmq (pivotal software)/2.4.1
version/rabbitmq (pivotal software)/2.5.0
version/rabbitmq (pivotal software)/2.5.1
version/rabbitmq (pivotal software)/2.6.0
version/rabbitmq (pivotal software)/2.6.1
version/rabbitmq (pivotal software)/2.7.0
version/rabbitmq (pivotal software)/2.7.1
version/rabbitmq (pivotal software)/2.8.0
version/rabbitmq (pivotal software)/2.8.1
version/rabbitmq (pivotal software)/2.8.2
version/rabbitmq (pivotal software)/2.8.3
version/rabbitmq (pivotal software)/2.8.4
version/rabbitmq (pivotal software)/2.8.5
version/rabbitmq (pivotal software)/2.8.6
version/rabbitmq (pivotal software)/2.8.7
version/rabbitmq (pivotal software)/3.0.0
version/rabbitmq (pivotal software)/3.0.1
version/rabbitmq (pivotal software)/3.0.2
version/rabbitmq (pivotal software)/3.0.3
version/rabbitmq (pivotal software)/3.0.4
version/rabbitmq (pivotal software)/3.1.0
version/rabbitmq (pivotal software)/3.1.1
version/rabbitmq (pivotal software)/3.1.2
version/rabbitmq (pivotal software)/3.1.3
version/rabbitmq (pivotal software)/3.1.4
version/rabbitmq (pivotal software)/3.1.5
version/rabbitmq (pivotal software)/3.2.0
version/rabbitmq (pivotal software)/3.2.1
version/rabbitmq (pivotal software)/3.2.2
version/rabbitmq (pivotal software)/3.2.3
version/rabbitmq (pivotal software)/3.2.4
version/rabbitmq (pivotal software)/3.3.0
version/rabbitmq (pivotal software)/3.3.1
version/rabbitmq (pivotal software)/3.3.2
version/rabbitmq (pivotal software)/3.3.3
version/rabbitmq (pivotal software)/3.3.4
version/rabbitmq (pivotal software)/3.3.5
version/rabbitmq (pivotal software)/3.4.0