Bypassing Loopback Users Restriction in RabbitMQ via Crafted X-Forwarded-For Header

CVE-2014-9494

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Learn more about our User Device Pen Test.