https://bugzilla.redhat.com/show_bug.cgi?id=1185515
Bug ID: 1185515
Summary: RabbitMQ: /api/definitions response splitting vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: abaron(a)redhat.com, aortega(a)redhat.com,
apevec(a)redhat.com, ayoung(a)redhat.com,
chrisw(a)redhat.com, dallan(a)redhat.com,
erlang(a)lists.fedoraproject.org, gkotton(a)redhat.com,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com, lhh(a)redhat.com,
lpeer(a)redhat.com, markmc(a)redhat.com,
pmyers(a)redhat.com, rbryant(a)redhat.com,
rjones(a)redhat.com, s(a)shk.io, sclewis(a)redhat.com,
yeylon(a)redhat.com
26433 fix response-splitting vulnerability in /api/downloads (since 2.1.0)
Upstream bug 26433: an attacker could craft a URL to /api/definitions whose
"download" query string parameter contained CR/LF characters. Because the
parameter value is reflected into a response header, the embedded line
breaks terminated that header and let arbitrary additional headers be
returned to the client (HTTP response splitting). This was fixed by
stripping CR/LF from the "download" query string parameter before it is
used.
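The following is an added illustration of the issue and of the fix described above; it is not RabbitMQ code and not the upstream patch. It assumes the "download" parameter is copied into a Content-Disposition header (a plausible layout, not something this report states) and uses a constructed attack URL.

```python
"""
HTTP response splitting via a reflected query parameter, and the CR/LF
stripping fix. Added example, not RabbitMQ's code. The Content-Disposition
header, the header layout and the attack URL are assumptions/constructed.
"""
from urllib.parse import urlsplit, parse_qs

# Constructed attack URL: %0D%0A decodes to "\r\n" and closes the header line
# that the parameter value is written into.
ATTACK_URL = "/api/definitions?download=x%0D%0ASet-Cookie:%20injected=1"


def download_param(url):
    """Extract the decoded 'download' query parameter from a request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("download", [""])[0]


def build_headers_vulnerable(download):
    """Pre-fix behaviour (assumed): the raw value is interpolated into a header."""
    return (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: application/json\r\n"
        f"Content-Disposition: attachment; filename={download}\r\n"
        "\r\n"
    )


def strip_crlf(value):
    """The fix described in the report: remove CR and LF so the value can
    never terminate the header line it is written into."""
    return value.replace("\r", "").replace("\n", "")


def build_headers_fixed(download):
    """Post-fix behaviour: sanitise before interpolating."""
    return build_headers_vulnerable(strip_crlf(download))


def parse_headers(raw_response):
    """Naive client-side view of the response: the header block is everything
    before the first blank line, one 'Name: value' pair per CRLF line."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def header_names(raw_response):
    return [name for name, _ in parse_headers(raw_response)]


def demo(url=ATTACK_URL):
    """Return what a client sees before and after the fix."""
    value = download_param(url)
    return {
        "vulnerable": parse_headers(build_headers_vulnerable(value)),
        "fixed": parse_headers(build_headers_fixed(value)),
    }


if __name__ == "__main__":
    for label, headers in demo().items():
        print(label)
        for name, value in headers:
            print(f"  {name}: {value}")
```

With the vulnerable builder the client parses a third header, Set-Cookie, that the server never intended to send; with CR/LF stripped the whole attacker string stays inside the Content-Disposition value. Stripping is the fix the report describes; rejecting the request or restricting the filename to a safe character set would be a stricter alternative.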
Upstream patches:
http://hg.rabbitmq.com/rabbitmq-management/rev/dceba16cc105
References:
https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs