[rabbitmq-discuss] Possible RabbitMQ 3.0.4 Management Plug-in (Mochiweb) Directory Traversal Vulnerability?

• Previous message: [rabbitmq-discuss] why rabbit eating so much memory?
• Next message: [rabbitmq-discuss] Possible RabbitMQ 3.0.4 Management Plug-in (Mochiweb) Directory Traversal Vulnerability?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello all,

A commercial off-the-shelf vulnerability scanner is detecting a directory 
traversal vulnerability in the RabbitMQ management plugin HTTP server 
(Mochiweb) installed in the default configuration on Windows Server 2003. 
Exploitation of the vulnerability reportedly does not require 
authentication.  

I can provide details upon request.  Please let me know if this is a known 
issue and whether there are patches available that may resolve this issue.

Thank you.
Zach


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130709/60b9c190/attachment.htm>

• Previous message: [rabbitmq-discuss] why rabbit eating so much memory?
• Next message: [rabbitmq-discuss] Possible RabbitMQ 3.0.4 Management Plug-in (Mochiweb) Directory Traversal Vulnerability?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]