suse · CVE-2016-9877

Quick triage

Priority: high 公開: 2021-05-30 13:48:32 UTC Updated: 2026-04-18 15:53:12 UTC

参照: Official suse advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-9877 severity important: SUSE including 30 source package names (erlang-rabbitmq-client, erlang-rabbitmq-client-3.13.7-160000.2.2, …), 32 product×package rows across 8 product lines (SUSE Enterprise Storage 2.1, SUSE Enterprise Storage 4, … (8 product lines)): Fixed 27, Known Not Affected 5.

Description:

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.

cvelogic Threat Intelligence