VDB

CVE-2019-11287

CVE-2019-11287 PUBLISHED

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

EPSS 4.60% · 89.5th percentile

Risk Scores

EPSS Score
4.60%
89.5th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSrabbitmq-server0, 3.5.4-1, 3.5.4-3
Ubuntu:18.04:LTSrabbitmq-server0, 3.6.10-1ubuntu0.1, 3.6.10-1ubuntu0.3

Exploit Intelligence

…and 10 more exploits

Timeline

  • Nov 22, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›