CVE-2016-7031

Опубликовано: 03 окт. 2016

Источник: debian

EPSS Низкий

Описание

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ceph	fixed	10.2.5-1		package
ceph	fixed	0.80.7-2+deb8u2	jessie	package

Примечания

http://tracker.ceph.com/issues/13207
https://github.com/ceph/ceph/pull/6057
https://github.com/ceph/ceph/pull/11045

EPSS

Процентиль: 73%

0.00743

Низкий

Связанные уязвимости

CVE-2016-7031

CVSS3: 7.5

ubuntu

больше 9 лет назад

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

CVE-2016-7031

CVSS3: 3

redhat

больше 10 лет назад

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

CVE-2016-7031

CVSS3: 7.5

nvd

больше 9 лет назад

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

GHSA-cfww-rhhj-3fwm

CVSS3: 7.5

github

больше 3 лет назад

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.

EPSS

Процентиль: 73%

0.00743

Низкий