Candidate: CVE-2014-9494
PublicDate: 2015-01-20 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9494
 http://www.rabbitmq.com/release-notes/README-3.4.0.txt
Description:
 RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users
 restriction via a crafted X-Forwarded-For header.
Ubuntu-Description:
Notes:
 mdeslaur> 3.3.0 and higher
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773134
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_rabbitmq-server:
 upstream: http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a
 upstream: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/2fc7e9a7b7349246a62d088633234be6f313f556
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/3c8073a113d99c343d0ef47abe48b0c4175a4d1a
upstream_rabbitmq-server: released (3.4.1-1)
lucid_rabbitmq-server: ignored (reached end-of-life)
precise_rabbitmq-server: not-affected (2.7.1-0ubuntu4)
trusty_rabbitmq-server: not-affected (3.2.4-1)
trusty/esm_rabbitmq-server: DNE (trusty was not-affected [3.2.4-1])
utopic_rabbitmq-server: ignored (reached end-of-life)
vivid_rabbitmq-server: not-affected (3.4.1-1)
devel_rabbitmq-server: not-affected (3.4.1-1)