CVE-2019-11287 PoC — Pivotal Software RabbitMQ 格式化字符串错误漏洞

Source

Associated Vulnerability

Description

CVE-2019-11287: DoS via Heap Overflow in RabbitMQ Web Management Plugin

Readme

# CVE-2019-11287: DoS via Heap Overflow in RabbitMQ Web Management Plugin

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack.

The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.

### Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found [here](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23833).

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2019-11287/blob/main/RabbitMQ%20-%20CVE-2019-11287.pdf).

File Snapshot

 [4.0K]  /data/pocs/b8679085b9b32c3db4505d115201c20d6aa57e19
├── [1.2M]  RabbitMQ - CVE-2019-11287.pdf
└── [ 974]  README.md

0 directories, 2 files

Remarks