CVE-2016-9877
First published: Thu Dec 29 2016(Updated: )
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RabbitMQ (Pivotal Software) | =3.5.4 | |
| RabbitMQ (Pivotal Software) | =3.5.5 | |
| RabbitMQ (Pivotal Software) | =3.5.7 | |
| RabbitMQ (Pivotal Software) | =3.6.0 | |
| RabbitMQ (Pivotal Software) | =3.6.1 | |
| RabbitMQ (Pivotal Software) | =3.6.2 | |
| RabbitMQ (Pivotal Software) | =3.6.3 | |
| RabbitMQ (Pivotal Software) | =3.6.4 | |
| RabbitMQ (Pivotal Software) | =3.6.5 | |
| RabbitMQ (Pivotal Software) | =3.0.0 | |
| RabbitMQ (Pivotal Software) | =3.0.1 | |
| RabbitMQ (Pivotal Software) | =3.0.2 | |
| RabbitMQ (Pivotal Software) | =3.0.3 | |
| RabbitMQ (Pivotal Software) | =3.0.4 | |
| RabbitMQ (Pivotal Software) | =3.1.0 | |
| RabbitMQ (Pivotal Software) | =3.1.1 | |
| RabbitMQ (Pivotal Software) | =3.1.2 | |
| RabbitMQ (Pivotal Software) | =3.1.3 | |
| RabbitMQ (Pivotal Software) | =3.1.4 | |
| RabbitMQ (Pivotal Software) | =3.1.5 | |
| RabbitMQ (Pivotal Software) | =3.2.0 | |
| RabbitMQ (Pivotal Software) | =3.2.1 | |
| RabbitMQ (Pivotal Software) | =3.2.2 | |
| RabbitMQ (Pivotal Software) | =3.2.3 | |
| RabbitMQ (Pivotal Software) | =3.2.4 | |
| RabbitMQ (Pivotal Software) | =3.3.0 | |
| RabbitMQ (Pivotal Software) | =3.3.1 | |
| RabbitMQ (Pivotal Software) | =3.3.2 | |
| RabbitMQ (Pivotal Software) | =3.3.3 | |
| RabbitMQ (Pivotal Software) | =3.3.4 | |
| RabbitMQ (Pivotal Software) | =3.3.5 | |
| RabbitMQ (Pivotal Software) | =3.4.0 | |
| RabbitMQ (Pivotal Software) | =3.4.1 | |
| RabbitMQ (Pivotal Software) | =3.4.2 | |
| RabbitMQ (Pivotal Software) | =3.4.3 | |
| RabbitMQ (Pivotal Software) | =3.4.4 | |
| RabbitMQ (Pivotal Software) | =3.5.0 | |
| RabbitMQ (Pivotal Software) | =3.5.1 | |
| RabbitMQ (Pivotal Software) | =3.5.2 | |
| RabbitMQ (Pivotal Software) | =3.5.3 | |
| RabbitMQ (Pivotal Software) | =3.5.6 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.0 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.1 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.2 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.3 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.4 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.5 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.6 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.7 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.8 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.9 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.10 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.11 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.12 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.13 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.14 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.15 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.17 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.5.18 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.0 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.1 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.2 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.3 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.4 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.5 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.6 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.7 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.8 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.9 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.6.10 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.7.0 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.7.2 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.7.3 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.7.4 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.7.5 | |
| Pivotal RabbitMQ for Pivotal Cloud Foundry | =1.7.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9877?
CVE-2016-9877 has been rated as a high severity vulnerability due to its impact on authentication mechanisms.
How do I fix CVE-2016-9877?
To fix CVE-2016-9877, upgrade RabbitMQ to versions 3.5.8, 3.6.6, or later.
Which versions of RabbitMQ are affected by CVE-2016-9877?
CVE-2016-9877 affects RabbitMQ versions 3.5.4 to 3.5.7 and 3.6.0 to 3.6.5, along with certain versions of RabbitMQ for PCF.
What type of vulnerability is CVE-2016-9877?
CVE-2016-9877 is an authentication vulnerability concerning MQTT connection handling.
Is there a workaround for CVE-2016-9877 if I can't upgrade?
No specific workarounds are recommended for CVE-2016-9877; upgrading is the advised remediation.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/pivotal software
- canonical/rabbitmq (pivotal software)
- version/rabbitmq (pivotal software)/3.5.4
- version/rabbitmq (pivotal software)/3.5.5
- version/rabbitmq (pivotal software)/3.5.7
- version/rabbitmq (pivotal software)/3.6.0
- version/rabbitmq (pivotal software)/3.6.1
- version/rabbitmq (pivotal software)/3.6.2
- version/rabbitmq (pivotal software)/3.6.3
- version/rabbitmq (pivotal software)/3.6.4
- version/rabbitmq (pivotal software)/3.6.5
- vendor/vmware
- version/rabbitmq (pivotal software)/3.0.0
- version/rabbitmq (pivotal software)/3.0.1
- version/rabbitmq (pivotal software)/3.0.2
- version/rabbitmq (pivotal software)/3.0.3
- version/rabbitmq (pivotal software)/3.0.4
- version/rabbitmq (pivotal software)/3.1.0
- version/rabbitmq (pivotal software)/3.1.1
- version/rabbitmq (pivotal software)/3.1.2
- version/rabbitmq (pivotal software)/3.1.3
- version/rabbitmq (pivotal software)/3.1.4
- version/rabbitmq (pivotal software)/3.1.5
- version/rabbitmq (pivotal software)/3.2.0
- version/rabbitmq (pivotal software)/3.2.1
- version/rabbitmq (pivotal software)/3.2.2
- version/rabbitmq (pivotal software)/3.2.3
- version/rabbitmq (pivotal software)/3.2.4
- version/rabbitmq (pivotal software)/3.3.0
- version/rabbitmq (pivotal software)/3.3.1
- version/rabbitmq (pivotal software)/3.3.2
- version/rabbitmq (pivotal software)/3.3.3
- version/rabbitmq (pivotal software)/3.3.4
- version/rabbitmq (pivotal software)/3.3.5
- version/rabbitmq (pivotal software)/3.4.0
- version/rabbitmq (pivotal software)/3.4.1
- version/rabbitmq (pivotal software)/3.4.2
- version/rabbitmq (pivotal software)/3.4.3
- version/rabbitmq (pivotal software)/3.4.4
- version/rabbitmq (pivotal software)/3.5.0
- version/rabbitmq (pivotal software)/3.5.1
- version/rabbitmq (pivotal software)/3.5.2
- version/rabbitmq (pivotal software)/3.5.3
- version/rabbitmq (pivotal software)/3.5.6
- canonical/pivotal rabbitmq for pivotal cloud foundry
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.0
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.1
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.2
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.3
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.4
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.5
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.6
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.7
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.8
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.9
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.10
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.11
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.12
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.13
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.14
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.15
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.17
- version/pivotal rabbitmq for pivotal cloud foundry/1.5.18
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.0
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.1
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.2
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.3
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.4
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.5
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.6
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.7
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.8
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.9
- version/pivotal rabbitmq for pivotal cloud foundry/1.6.10
- version/pivotal rabbitmq for pivotal cloud foundry/1.7.0
- version/pivotal rabbitmq for pivotal cloud foundry/1.7.2
- version/pivotal rabbitmq for pivotal cloud foundry/1.7.3
- version/pivotal rabbitmq for pivotal cloud foundry/1.7.4
- version/pivotal rabbitmq for pivotal cloud foundry/1.7.5
- version/pivotal rabbitmq for pivotal cloud foundry/1.7.6