Candidate: CVE-2015-0862
PublicDate: 2015-01-18 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0862
 http://www.rabbitmq.com/news.html#2015-01-08T10:14:05+0100
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the management web UI
 in the RabbitMQ management plugin before 3.4.3 allow remote authenticated
 users to inject arbitrary web script or HTML via (1) message details when a
 message is unqueued, such as headers or arguments; (2) policy names, which
 are not properly handled when viewing policies; (3) details for AMQP network
 clients, such as the version; allow remote authenticated administrators to
 inject arbitrary web script or HTML via (4) user names, (5) the cluster name;
 or allow RabbitMQ cluster administrators to (6) modify unspecified content.
Ubuntu-Description:
Notes:
Bugs:
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:

Patches_rabbitmq-server:
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/ebc74bce55673498cf084e97df8155cfc5f3e622
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/9ac4122b227d858e4fb46a440a86a70b17e98735
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/fc16e72cb4ea051d117b01e7aa31fa03f02707fc
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/27c579fc419708a5daaf8440c042f56e37b0deed
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/6ab5f6176843db3819d7020e7c6ae76751d8db5a
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/80dae93bc5eee585c1997b8600331e89106a79c9
 upstream: https://github.com/rabbitmq/rabbitmq-management/commit/89cd1e23e1ed84368d7c79a089799a8bcf735b86
upstream_rabbitmq-server: released (3.4.3)
lucid_rabbitmq-server: ignored (reached end-of-life)
precise_rabbitmq-server: ignored (reached end-of-life)
precise/esm_rabbitmq-server: DNE (precise was needed)
trusty_rabbitmq-server: ignored (reached end-of-life)
trusty/esm_rabbitmq-server: DNE (trusty was needed)
utopic_rabbitmq-server: ignored (reached end-of-life)
vivid_rabbitmq-server: ignored (reached end-of-life)
vivid/stable-phone-overlay_rabbitmq-server: DNE
vivid/ubuntu-core_rabbitmq-server: DNE
wily_rabbitmq-server: ignored (reached end-of-life)
xenial_rabbitmq-server: not-affected (3.5.7-1)
esm-infra/xenial_rabbitmq-server: not-affected (3.5.7-1)
yakkety_rabbitmq-server: not-affected (3.5.7-1)
zesty_rabbitmq-server: not-affected (3.6.6-1)
artful_rabbitmq-server: not-affected (3.6.6-1)
bionic_rabbitmq-server: not-affected (3.6.6-1)
cosmic_rabbitmq-server: not-affected (3.6.6-1)
disco_rabbitmq-server: not-affected (3.6.6-1)
devel_rabbitmq-server: not-affected (3.6.6-1)