[rabbitmq-discuss] Possible RabbitMQ 3.0.4 Management Plug-in (Mochiweb) Directory Traversal Vulnerability?
Emile Joubert
emile at rabbitmq.com
Wed Jul 10 11:22:03 BST 2013
Hi Zach,

On 10/07/13 01:05, Zach Austin wrote:
> A commercial off-the-shelf vulnerability scanner is detecting a
> directory traversal vulnerability in the RabbitMQ management plugin HTTP
> server (Mochiweb) installed in the default configuration on Windows
> Server 2003. Exploitation of the vulnerability reportedly does not
> require authentication.
>
> I can provide details upon request. Please let me know if this is a
> known issue.

If you provide details then we'll be able to determine whether this is a
known issue. Please reply to me directly if you feel the need to
practice responsible disclosure.

-Emile