View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-9877 severity important: SUSE including 30 source package names (erlang-rabbitmq-client, erlang-rabbitmq-client-3.13.7-160000.2.2, …), 32 product×package rows across 8 product lines (SUSE Enterprise Storage 2.1, SUSE Enterprise Storage 4, … (8 product lines)): Fixed 27, Known Not Affected 5.
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.