CVE-2018-7262

Опубликовано: 19 мар. 2018

Источник: debian

EPSS Низкий

Описание

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ceph	not-affected			package

Примечания

See details in https://bugs.debian.org/891963#15 . Ceph as present in
Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
version of the embedded webserver in RADOS gateway which does not return
null strings on malformed HTTP requests.
Original pull request: https://github.com/ceph/ceph/pull/20403
Superseeded by: https://github.com/ceph/ceph/pull/20488

EPSS

Процентиль: 80%

0.01398

Низкий

Связанные уязвимости

CVE-2018-7262

CVSS3: 7.5

ubuntu

почти 8 лет назад

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

CVE-2018-7262

CVSS3: 7.3

redhat

почти 8 лет назад

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

CVE-2018-7262

CVSS3: 7.5

nvd

почти 8 лет назад

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

GHSA-8gpf-89wg-vgwp

CVSS3: 7.5

github

больше 3 лет назад

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

openSUSE-SU-2018:2479-1

suse-cvrf

больше 7 лет назад

Security update for ceph

EPSS

Процентиль: 80%

0.01398

Низкий