{
  "modified": "2025-08-09T19:01:29Z",
  "published": "2015-01-20T15:59:08Z",
  "id": "CVE-2014-9494",
  "details": "RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://www.rabbitmq.com/release-notes/README-3.4.0.txt"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2015/q1/30"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99685"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21topic/rabbitmq-users/DMkypbSvIyM"
    }
  ]
}