DEBIAN-CVE-2019-11287

DEBIAN-CVE-2019-11287 PUBLISHED CVSS 7.5 HIGH

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	rabbitmq-server	0, 0, 0
Debian:11	rabbitmq-server	0, 0, 0
Debian:14	rabbitmq-server	0, 0, 0
Debian:13	rabbitmq-server	0, 0, 0

Exploit Intelligence

CVE-2019-11287: DoS via Heap Overflow in RabbitMQ Web Management Plugin (github-poc-repo)
CVE-2019-11287: DoS via Heap Overflow in RabbitMQ Web Management Plugin (github-poc)

Timeline

Nov 23, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-11287 advisory

Open in Interactive Console →