Описание
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 10.2.2-0ubuntu5 |
| esm-infra-legacy/trusty | released | 0.80.11-0ubuntu1.14.04.3 |
| esm-infra/xenial | not-affected | 10.2.2-0ubuntu0.16.04.2 |
| precise | not-affected | |
| precise/esm | not-affected | |
| trusty | released | 0.80.11-0ubuntu1.14.04.3 |
| trusty/esm | released | 0.80.11-0ubuntu1.14.04.3 |
| upstream | needs-triage | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
EPSS
5 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
A flaw was found in the way Ceph Object Gateway would process cross-or ...
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
EPSS
5 Medium
CVSS2
6.5 Medium
CVSS3