vulnerability

Ubuntu: USN-3374-1 (CVE-2016-9877): RabbitMQ vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 29, 2016

Added

Jul 31, 2017

Modified

Mar 27, 2026

Description

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

Solution

ubuntu-upgrade-rabbitmq-server

References

CVE-2016-9877
https://attackerkb.com/topics/CVE-2016-9877
CWE-284
DEBIAN-DSA-3761
EUVD-EUVD-2016-10668
NVD-CVE-2016-9877
UBUNTU-USN-3374-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-10668

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report