vulnerability

FreeBSD: (Multiple Advisories) (CVE-2016-9877)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Jan 15, 2017

Added

Jan 15, 2017

Modified

Jun 15, 2026

Description

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Solution

freebsd-upgrade-package-rabbitmq

References

CVE-2016-9877
https://attackerkb.com/topics/CVE-2016-9877
CWE-284
EUVD-EUVD-2016-10668
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-10668

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report