1. Home
  2. Vulnerabilities
  3. CVE-2018-11087

CVE-2018-11087

CVSS v3.0 5.9 (Medium)
59% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.13 % (48th)
0.13% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit.

Weaknesses
CWE-295
Improper Certificate Validation
CVE Status
PUBLISHED
CNA
Dell
Published Date
2018-09-14 20:29:00
(6 years ago)
Updated Date
2020-08-24 17:37:01
(4 years ago)

Affected Products

Pivotal Software

Configuration #1

    CPE23 From Up To
  Pivotal Software Spring Advanced Message Queuing Protocol from 1.0.0 version and prior 1.7.10 version cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol >= 1.0.0 < 1.7.10
  Pivotal Software Spring Advanced Message Queuing Protocol from 2.0.0 version and prior 2.0.6 version cpe:2.3:a:pivotal_software:spring_advanced_message_queuing_protocol >= 2.0.0 < 2.0.6

Configuration #2

    CPE23 From Up To
  Pivotal Software Rabbitmq prior 4.8.0 version cpe:2.3:a:pivotal_software:rabbitmq < 4.8.0
  Pivotal Software Rabbitmq from 4.8.1 version and prior 5.4.0 version cpe:2.3:a:pivotal_software:rabbitmq >= 4.8.1 < 5.4.0