 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-46118 |
| Description: | RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.833807 1.3.6.1.4.1.25623.1.1.1.1.2023.5571 1.3.6.1.4.1.25623.1.1.12.2023.6501.1 1.3.6.1.4.1.25623.1.1.1.2.2023.3687 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-46118 Debian Security Information: DSA-5571 (Google Search) https://www.debian.org/security/2023/dsa-5571 https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html |