454 matches found
rabbitmq-server: DoS by publishing large messages over the HTTP API
A flaw was found in the rabbitmq-server. An authenticated user with sufficient credentials can publish very large messages over the HTTP API and cause the target node to be terminated by an "out-of-memory killer" like mechanism...
RHEL 9 : Red Hat OpenStack Platform 17.1 (rabbitmq-server) (RHSA-2024:0217)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0217 advisory. RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable...
SUSE SLES15 / openSUSE 15 Security Update : rabbitmq-server (SUSE-SU-2023:4939-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4939-1 advisory. - RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it...
Debian dla-3687 : rabbitmq-server - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3687 advisory. Debian LTS Advisory DLA-3687-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3687-1] rabbitmq-server security update
Debian LTS Advisory DLA-3687-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 13, 2023 https://wiki.debian.org/LTS Package : rabbitmq-server Version : 3.8.2-1+deb10u2 CVE ID : CVE-2023-46118 Debian Bug : 1056723 RabbitMQ is a multi-protocol messaging and...
Debian: Security Advisory (DSA-5571-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5571-1] rabbitmq-server security update
Debian Security Advisory DSA-5571-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 01, 2023 https://www.debian.org/security/faq -...
Debian DSA-5571-1 : rabbitmq-server - security update
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5571 advisory. - RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS)...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : RabbitMQ vulnerability (USN-6501-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6501-1 advisory. It was discovered that RabbitMQ incorrectly handled certain HTTP requests. An attacker could possibly use this issue to cause a denial...
Insertion Of Sensitive Information Into Log File
github.com/juanfont/headscale is vulnerable to Insertion Of Sensitive Information Into Log File. The vulnerability is due to the HTTP API writing the whole bearer token to info-level logs...
CVE-2023-46118
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API...
Design/Logic Flaw
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API...
CVE-2023-46118
CVE-2023-46118 affects RabbitMQ’s HTTP API where no request body size limit was enforced. An authenticated user can send oversized messages via the HTTP API, potentially triggering target node termination by an OOM-like mechanism (DoS). The vulnerability is addressed by patches in RabbitMQ server...
CVE-2023-46118 Denial of Service by publishing large messages over the HTTP API
RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable to denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish very large messages over the HTTP API...
ROS-20231011-01
A vulnerability in the HTTP API of the pgAdmin 4 database management tool is related to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary commands on the server...
Fedora 38 : pgadmin4 (2023-8cc61c8b14)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8cc61c8b14 advisory. Backport fix for CVE-2023-5002. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 37 : pgadmin4 (2023-478aa17fa2)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-478aa17fa2 advisory. Backport fix for CVE-2023-5002. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Remote Code Execution
pgadmin4 is vulnerable to Remote Code Execution. The vulnerability is caused by a missing validation in the pgAdmin server HTTP API - validate_binary_path that is used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. This can result in an...
SUSE CVE-2023-5002
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an...