[rabbitmq-discuss] Possible RabbitMQ 3.0.4 Management Plug-in (Mochiweb) Directory Traversal Vulnerability?
Zach Austin
zachary.w.austin at gmail.com
Wed Jul 10 01:05:46 BST 2013
Hello all,
A commercial off-the-shelf vulnerability scanner is detecting a directory
traversal vulnerability in the RabbitMQ management plugin HTTP server
(Mochiweb) installed in the default configuration on Windows Server 2003.
Exploitation of the vulnerability reportedly does not require
authentication.
I can provide details upon request. Please let me know if this is a known
issue and whether there are patches available that may resolve this issue.
Thank you.
Zach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130709/60b9c190/attachment.htm>
More information about the rabbitmq-discuss
mailing list