{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2014-9650","title":"Title"},{"category":"description","text":"CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2014-9650","url":"https://www.suse.com/security/cve/CVE-2014-9650"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 915326 for CVE-2014-9650","url":"https://bugzilla.suse.com/915326"}],"title":"SUSE CVE CVE-2014-9650","tracking":{"current_release_date":"2025-10-08T00:18:17Z","generator":{"date":"2023-02-15T05:24:45Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2014-9650","initial_release_date":"2023-02-15T05:24:45Z","revision_history":[{"date":"2023-02-15T05:24:45Z","number":"2","summary":"Current version"},{"date":"2025-03-16T05:04:57Z","number":"3","summary":"Current version"},{"date":"2025-04-25T11:34:48Z","number":"4","summary":"Current version"},{"date":"2025-10-08T00:18:17Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Cloud 5","product":{"name":"SUSE Cloud 5","product_id":"SUSE Cloud 5","product_identification_helper":{"cpe":"cpe:/a:suse:suse-cloud:5"}}},{"category":"product_version","name":"rabbitmq-server","product":{"name":"rabbitmq-server","product_id":"rabbitmq-server","product_identification_helper":{"cpe":"cpe:2.3:a:vmware:rabbitmq:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/rabbitmq-server@?upstream=rabbitmq-server.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 2.0","product_id":"SUSE Cloud 2.0:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 2.0"},{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 4","product_id":"SUSE Cloud 4:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 4"},{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 4 Dependencies","product_id":"SUSE Cloud 4 Dependencies:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 4 Dependencies"},{"category":"default_component_of","full_product_name":{"name":"rabbitmq-server as component of SUSE Cloud 5","product_id":"SUSE Cloud 5:rabbitmq-server"},"product_reference":"rabbitmq-server","relates_to_product_reference":"SUSE Cloud 5"}]},"vulnerabilities":[{"cve":"CVE-2014-9650","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-9650"}],"notes":[{"category":"general","text":"CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Cloud 5:rabbitmq-server"]},"references":[{"category":"external","summary":"CVE-2014-9650","url":"https://www.suse.com/security/cve/CVE-2014-9650"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 915326 for CVE-2014-9650","url":"https://bugzilla.suse.com/915326"}],"remediations":[{"category":"no_fix_planned","details":"There is no fix planned for these products.\n","product_ids":["SUSE Cloud 2.0:rabbitmq-server","SUSE Cloud 4:rabbitmq-server","SUSE Cloud 4 Dependencies:rabbitmq-server"]}],"threats":[{"category":"impact","date":"2015-01-27T17:56:08Z","details":"moderate"}],"title":"CVE-2014-9650"}]}