Description
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | ceph | Not affected | | |
| Red Hat Ceph Storage 2 | ceph | Not affected | | |
| Red Hat Enterprise Linux 7 | ceph-common | Not affected | | |
| Red Hat Enterprise Linux 8 | ceph | Not affected | | |
| Red Hat Ceph Storage 3.0 | ceph | Fixed | RHSA-2018:0546 | 15.03.2018 |
| Red Hat Ceph Storage 3 for Ubuntu | | Fixed | RHSA-2018:0548 | 15.03.2018 |
Additional information
Status:
7.3 High
CVSS3
Related vulnerabilities
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
7.3 High
CVSS3