[rabbitmq-discuss] Possible RabbitMQ 3.0.4 Management Plug-in (Mochiweb) Directory Traversal Vulnerability?

Emile Joubert emile at rabbitmq.com
Wed Jul 10 11:22:03 BST 2013

Hi Zach,

On 10/07/13 01:05, Zach Austin wrote:
> A commercial off-the-shelf vulnerability scanner is detecting a
> directory traversal vulnerability in the RabbitMQ management plugin HTTP
> server (Mochiweb) installed in the default configuration on Windows
> Server 2003. Exploitation of the vulnerability reportedly does not
> require authentication. 
> I can provide details upon request.  Please let me know if this is a
> known issue 

If you provide details then we'll be able to determine whether this is a
known issue. Please reply to me directly if you feel the need to
practice responsible disclosure.

