Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12059

Опубликовано: 07 апр. 2020
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

A flaw was found in the Ceph Object Gateway S3 API, where it did not properly validate the POST requests. This flaw allows an attacker to perform a denial of service attack using a malicious POST request with specially crafted XML payload, leading to a crash of the RGW process.

Отчет

This issue affects the versions of ceph as shipped with Red Hat Ceph Storage 3, as it does not validate the parameter when reading the tagging field from POST obj XML. Red Hat OpenStack Platform 13 provides only the ceph client library and is not affected by this vulnerability.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ceph Storage 2cephNot affected
Red Hat Ceph Storage 4cephNot affected
Red Hat Enterprise Linux 8cephNot affected
Red Hat OpenStack Platform 13 (Queens)cephNot affected
Red Hat OpenStack Platform 15 (Stein)cephNot affected
Red Hat Ceph Storage 3 - ELScephFixedRHSA-2021:151806.05.2021
Red Hat Ceph Storage 3 - ELSceph-ansibleFixedRHSA-2021:151806.05.2021
Red Hat Ceph Storage 3 - ELScephmetricsFixedRHSA-2021:151806.05.2021
Red Hat Ceph Storage 3 - ELSgrafanaFixedRHSA-2021:151806.05.2021
Red Hat Ceph Storage 3 - ELStcmu-runnerFixedRHSA-2021:151806.05.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1827262ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW

EPSS

Процентиль: 51%
0.00284
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12059

CVSS3: 7.5
ubuntu
почти 6 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

nvd логотип

CVE-2020-12059

CVSS3: 7.5
nvd
почти 6 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

debian логотип

CVE-2020-12059

CVSS3: 7.5
debian
почти 6 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an ...

suse-cvrf логотип

SUSE-SU-2020:1158-1

suse-cvrf
почти 6 лет назад

Security update for ceph

github логотип

GHSA-896g-qc8p-7wrp

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered in Ceph through 13.2.9. A POST request with an invalid tagging XML can crash the RGW process by triggering a NULL pointer exception.

EPSS

Процентиль: 51%
0.00284
Низкий

6.5 Medium

CVSS3