What is the severity of CVE-2014-9650?

CVE-2014-9650 has been assigned a medium severity rating due to its potential for HTTP response splitting attacks.

How do I fix CVE-2014-9650?

To fix CVE-2014-9650, upgrade RabbitMQ to version 3.4.1 or later.

What versions are affected by CVE-2014-9650?

CVE-2014-9650 affects RabbitMQ versions from 2.1.0 to 3.4.0.

Can CVE-2014-9650 be exploited remotely?

Yes, CVE-2014-9650 can be exploited remotely due to its nature of accepting malicious input parameters.

What type of attacks can CVE-2014-9650 enable?

CVE-2014-9650 can enable attacks such as HTTP response splitting and arbitrary HTTP header injection.

Vulnerability/
CVE-2014-9650

medium

CWE

27/1/2015

17/3/2022

CVE-2014-9650: CRLF Injection

First published: Tue Jan 27 2015(Updated: )

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.

Credit: security@ubuntu.com

Affected Software	Affected Version	How to fix
RabbitMQ (Pivotal Software)	=2.1.0
RabbitMQ (Pivotal Software)	=2.1.1
RabbitMQ (Pivotal Software)	=2.2.0
RabbitMQ (Pivotal Software)	=2.3.0
RabbitMQ (Pivotal Software)	=2.3.1
RabbitMQ (Pivotal Software)	=2.4.0
RabbitMQ (Pivotal Software)	=2.4.1
RabbitMQ (Pivotal Software)	=2.5.0
RabbitMQ (Pivotal Software)	=2.5.1
RabbitMQ (Pivotal Software)	=2.6.0
RabbitMQ (Pivotal Software)	=2.6.1
RabbitMQ (Pivotal Software)	=2.7.0
RabbitMQ (Pivotal Software)	=2.7.1
RabbitMQ (Pivotal Software)	=2.8.0
RabbitMQ (Pivotal Software)	=2.8.1
RabbitMQ (Pivotal Software)	=2.8.2
RabbitMQ (Pivotal Software)	=2.8.3
RabbitMQ (Pivotal Software)	=2.8.4
RabbitMQ (Pivotal Software)	=2.8.5
RabbitMQ (Pivotal Software)	=2.8.6
RabbitMQ (Pivotal Software)	=2.8.7
RabbitMQ (Pivotal Software)	=3.0.0
RabbitMQ (Pivotal Software)	=3.0.1
RabbitMQ (Pivotal Software)	=3.0.2
RabbitMQ (Pivotal Software)	=3.0.3
RabbitMQ (Pivotal Software)	=3.0.4
RabbitMQ (Pivotal Software)	=3.1.0
RabbitMQ (Pivotal Software)	=3.1.1
RabbitMQ (Pivotal Software)	=3.1.2
RabbitMQ (Pivotal Software)	=3.1.3
RabbitMQ (Pivotal Software)	=3.1.4
RabbitMQ (Pivotal Software)	=3.1.5
RabbitMQ (Pivotal Software)	=3.2.0
RabbitMQ (Pivotal Software)	=3.2.1
RabbitMQ (Pivotal Software)	=3.2.2
RabbitMQ (Pivotal Software)	=3.2.3
RabbitMQ (Pivotal Software)	=3.2.4
RabbitMQ (Pivotal Software)	=3.3.0
RabbitMQ (Pivotal Software)	=3.3.1
RabbitMQ (Pivotal Software)	=3.3.2
RabbitMQ (Pivotal Software)	=3.3.3
RabbitMQ (Pivotal Software)	=3.3.4
RabbitMQ (Pivotal Software)	=3.3.5
RabbitMQ (Pivotal Software)	=3.4.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9650?
CVE-2014-9650 has been assigned a medium severity rating due to its potential for HTTP response splitting attacks.
How do I fix CVE-2014-9650?
To fix CVE-2014-9650, upgrade RabbitMQ to version 3.4.1 or later.
What versions are affected by CVE-2014-9650?
CVE-2014-9650 affects RabbitMQ versions from 2.1.0 to 3.4.0.
Can CVE-2014-9650 be exploited remotely?
Yes, CVE-2014-9650 can be exploited remotely due to its nature of accepting malicious input parameters.
What type of attacks can CVE-2014-9650 enable?
CVE-2014-9650 can enable attacks such as HTTP response splitting and arbitrary HTTP header injection.

agent/references
agent/type
agent/severity
agent/weakness
agent/author
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/vmware
canonical/rabbitmq (pivotal software)
version/rabbitmq (pivotal software)/2.1.0
version/rabbitmq (pivotal software)/2.1.1
version/rabbitmq (pivotal software)/2.2.0
version/rabbitmq (pivotal software)/2.3.0
version/rabbitmq (pivotal software)/2.3.1
version/rabbitmq (pivotal software)/2.4.0
version/rabbitmq (pivotal software)/2.4.1
version/rabbitmq (pivotal software)/2.5.0
version/rabbitmq (pivotal software)/2.5.1
version/rabbitmq (pivotal software)/2.6.0
version/rabbitmq (pivotal software)/2.6.1
version/rabbitmq (pivotal software)/2.7.0
version/rabbitmq (pivotal software)/2.7.1
version/rabbitmq (pivotal software)/2.8.0
version/rabbitmq (pivotal software)/2.8.1
version/rabbitmq (pivotal software)/2.8.2
version/rabbitmq (pivotal software)/2.8.3
version/rabbitmq (pivotal software)/2.8.4
version/rabbitmq (pivotal software)/2.8.5
version/rabbitmq (pivotal software)/2.8.6
version/rabbitmq (pivotal software)/2.8.7
version/rabbitmq (pivotal software)/3.0.0
version/rabbitmq (pivotal software)/3.0.1
version/rabbitmq (pivotal software)/3.0.2
version/rabbitmq (pivotal software)/3.0.3
version/rabbitmq (pivotal software)/3.0.4
version/rabbitmq (pivotal software)/3.1.0
version/rabbitmq (pivotal software)/3.1.1
version/rabbitmq (pivotal software)/3.1.2
version/rabbitmq (pivotal software)/3.1.3
version/rabbitmq (pivotal software)/3.1.4
version/rabbitmq (pivotal software)/3.1.5
version/rabbitmq (pivotal software)/3.2.0
version/rabbitmq (pivotal software)/3.2.1
version/rabbitmq (pivotal software)/3.2.2
version/rabbitmq (pivotal software)/3.2.3
version/rabbitmq (pivotal software)/3.2.4
version/rabbitmq (pivotal software)/3.3.0
version/rabbitmq (pivotal software)/3.3.1
version/rabbitmq (pivotal software)/3.3.2
version/rabbitmq (pivotal software)/3.3.3
version/rabbitmq (pivotal software)/3.3.4
version/rabbitmq (pivotal software)/3.3.5
version/rabbitmq (pivotal software)/3.4.0