CVE-2014-9494

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.

Date published : 2015-01-20

http://www.rabbitmq.com/release-notes/README-3.4.0.txt

https://groups.google.com/forum/#%21topic/rabbitmq-users/DMkypbSvIyM