CVE-2016-9877 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-9877 Interim 1 21 2022-11-09T02:36:56Z current 2021-05-30T13:48:32Z 2022-11-09T02:36:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-9877 An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00064.html E-Mail link for openSUSE-SU-2017:0306-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 2.1 SUSE Enterprise Storage 4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Tumbleweed erlang-rabbitmq-client erlang-rabbitmq-client-3.8.11-1.26 erlang-rabbitmq-client-3.8.11-3.3.3 erlang-rabbitmq-client-3.8.3-1.27 erlang-rabbitmq-client-3.9.7-1.1 rabbitmq-server rabbitmq-server-3.8.11-1.26 rabbitmq-server-3.8.11-3.3.3 rabbitmq-server-3.8.3-1.27 rabbitmq-server-3.9.7-1.1 rabbitmq-server-bash-completion-3.9.7-1.1 rabbitmq-server-plugins rabbitmq-server-plugins-3.8.11-1.26 rabbitmq-server-plugins-3.8.11-3.3.3 rabbitmq-server-plugins-3.8.3-1.27 rabbitmq-server-plugins-3.9.7-1.1 rabbitmq-server-zsh-completion-3.9.7-1.1 erlang-rabbitmq-client-3.8.3-1.27 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 rabbitmq-server-3.8.3-1.27 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 rabbitmq-server-plugins-3.8.3-1.27 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 erlang-rabbitmq-client-3.8.11-1.26 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 rabbitmq-server-3.8.11-1.26 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 rabbitmq-server-plugins-3.8.11-1.26 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 erlang-rabbitmq-client-3.8.11-3.3.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 rabbitmq-server-3.8.11-3.3.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 rabbitmq-server-plugins-3.8.11-3.3.3 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 erlang-rabbitmq-client-3.9.7-1.1 as a component of openSUSE Tumbleweed rabbitmq-server-3.9.7-1.1 as a component of openSUSE Tumbleweed rabbitmq-server-bash-completion-3.9.7-1.1 as a component of openSUSE Tumbleweed rabbitmq-server-plugins-3.9.7-1.1 as a component of openSUSE Tumbleweed rabbitmq-server-zsh-completion-3.9.7-1.1 as a component of openSUSE Tumbleweed rabbitmq-server as a component of SUSE Enterprise Storage 2.1 rabbitmq-server as a component of SUSE Enterprise Storage 4 erlang-rabbitmq-client as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 rabbitmq-server as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 rabbitmq-server-plugins as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. CVE-2016-9877 SUSE Linux Enterprise Module for Server Applications 15 SP2:erlang-rabbitmq-client-3.8.3-1.27 SUSE Linux Enterprise Module for Server Applications 15 SP2:rabbitmq-server-3.8.3-1.27 SUSE Linux Enterprise Module for Server Applications 15 SP2:rabbitmq-server-plugins-3.8.3-1.27 SUSE Linux Enterprise Module for Server Applications 15 SP3:erlang-rabbitmq-client-3.8.11-1.26 SUSE Linux Enterprise Module for Server Applications 15 SP3:rabbitmq-server-3.8.11-1.26 SUSE Linux Enterprise Module for Server Applications 15 SP3:rabbitmq-server-plugins-3.8.11-1.26 SUSE Linux Enterprise Module for Server Applications 15 SP4:erlang-rabbitmq-client-3.8.11-3.3.3 SUSE Linux Enterprise Module for Server Applications 15 SP4:rabbitmq-server-3.8.11-3.3.3 SUSE Linux Enterprise Module for Server Applications 15 SP4:rabbitmq-server-plugins-3.8.11-3.3.3 openSUSE Tumbleweed:erlang-rabbitmq-client-3.9.7-1.1 openSUSE Tumbleweed:rabbitmq-server-3.9.7-1.1 openSUSE Tumbleweed:rabbitmq-server-bash-completion-3.9.7-1.1 openSUSE Tumbleweed:rabbitmq-server-plugins-3.9.7-1.1 openSUSE Tumbleweed:rabbitmq-server-zsh-completion-3.9.7-1.1 SUSE Enterprise Storage 2.1:rabbitmq-server SUSE Enterprise Storage 4:rabbitmq-server SUSE Linux Enterprise Module for Server Applications 15 SP2:erlang-rabbitmq-client SUSE Linux Enterprise Module for Server Applications 15 SP2:rabbitmq-server SUSE Linux Enterprise Module for Server Applications 15 SP2:rabbitmq-server-plugins important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H