N/A

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

N/A

N/A

Pivotal RabbitMQ和RabbitMQ for PCF 安全漏洞

Pivotal RabbitMQ和RabbitMQ for PCF都是美国Pivotal公司的产品。前者是一套实现了高级消息队列协议（AMQP）的开源消息代理软件，后者是一款开源的用于支持基于全局数据传送和高容量的数据监测的消息服务器。 Pivotal RabbitMQ和RabbitMQ for PCF中存在安全漏洞。攻击者可利用该漏洞绕过安全限制，获取未授权的访问权限。以下产品和版本受到影响：Pivotal RabbitMQ 3.5.8之前的3.x版本，3.6.6之前的3.6.x版本；RabbitMQ

N/A

N/A