{"id":"CVE-2014-9494","details":"RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.","modified":"2026-04-10T03:44:52.097718Z","published":"2015-01-20T15:59:08Z","related":["openSUSE-SU-2024:10370-1"],"references":[{"type":"ADVISORY","url":"http://www.rabbitmq.com/release-notes/README-3.4.0.txt"},{"type":"WEB","url":"http://seclists.org/oss-sec/2015/q1/30"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/99685"},{"type":"WEB","url":"https://groups.google.com/forum/#%21topic/rabbitmq-users/DMkypbSvIyM"}],"schema_version":"1.7.5"}