Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9579

Опубликовано: 08 дек. 2016
Источник: redhat
CVSS3: 6.5
CVSS2: 5
EPSS Средний

Описание

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse)cephNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)cephNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno) InstallercephNot affected
Red Hat OpenStack Platform 10 (Newton)puppet-cephNot affected
Red Hat Ceph Storage 1.3 for Red Hat Enterprise Linux 7cephFixedRHSA-2016:299421.12.2016
Red Hat Ceph Storage 1.3 for UbuntuFixedRHSA-2016:299521.12.2016
Red Hat Ceph Storage 2 for Red Hat Enterprise Linux 7cephFixedRHSA-2016:295415.12.2016
Red Hat Ceph Storage 2 for UbuntuFixedRHSA-2016:295615.12.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1403245ceph: Object Gateway server DoS by sending invalid cross-origin HTTP request

EPSS

Процентиль: 95%
0.18013
Средний

6.5 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9579

CVSS3: 6.5
ubuntu
больше 7 лет назад

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

nvd логотип

CVE-2016-9579

CVSS3: 6.5
nvd
больше 7 лет назад

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

debian логотип

CVE-2016-9579

CVSS3: 6.5
debian
больше 7 лет назад

A flaw was found in the way Ceph Object Gateway would process cross-or ...

suse-cvrf логотип

openSUSE-SU-2017:0910-1

suse-cvrf
почти 9 лет назад

Recommended update for ceph

github логотип

GHSA-2594-xrq4-4jm3

CVSS3: 7.5
github
больше 3 лет назад

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

EPSS

Процентиль: 95%
0.18013
Средний

6.5 Medium

CVSS3

5 Medium

CVSS2