The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.

Upstream bug:
https://github.com/rabbitmq/rabbitmq-management/issues/97

Upstream patches:
https://github.com/rabbitmq/rabbitmq-management/pull/106/commits/5ebc159d3f65ab230e3f261e81ee49d00ebc57c3
https://github.com/rabbitmq/rabbitmq-management/pull/106/commits/298d86fe8cb6865bf50cf91f274b1872cb7bd7ba

Created rabbitmq-server tracking bugs for this issue:
Affects: epel-all [bug 1404151]

This issue has been addressed in the following products:
Red Hat OpenStack Platform 8.0 (Liberty)
Via RHSA-2017:0226 https://rhn.redhat.com/errata/RHSA-2017-0226.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7
Via RHSA-2017:0532 https://rhn.redhat.com/errata/RHSA-2017-0532.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6
Via RHSA-2017:0533 https://rhn.redhat.com/errata/RHSA-2017-0533.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
Via RHSA-2017:0531 https://rhn.redhat.com/errata/RHSA-2017-0531.html

This issue has been addressed in the following products:
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
Via RHSA-2017:0530 https://rhn.redhat.com/errata/RHSA-2017-0530.html