ID CVE-2019-10222
Summary A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
References
Vulnerable Configurations
  • cpe:2.3:a:ceph:ceph:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ceph_storage:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 04-12-2020 - 18:15)
Impact:
Exploitability:
CWE CWE-755
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • ceph-base-2:12.2.12-48.el7cp
  • ceph-common-2:12.2.12-48.el7cp
  • ceph-debuginfo-2:12.2.12-48.el7cp
  • ceph-fuse-2:12.2.12-48.el7cp
  • ceph-mds-2:12.2.12-48.el7cp
  • ceph-mgr-2:12.2.12-48.el7cp
  • ceph-mon-2:12.2.12-48.el7cp
  • ceph-osd-2:12.2.12-48.el7cp
  • ceph-radosgw-2:12.2.12-48.el7cp
  • ceph-selinux-2:12.2.12-48.el7cp
  • ceph-test-2:12.2.12-48.el7cp
  • libcephfs-devel-2:12.2.12-48.el7cp
  • libcephfs2-2:12.2.12-48.el7cp
  • librados-devel-2:12.2.12-48.el7cp
  • librados2-2:12.2.12-48.el7cp
  • libradosstriper1-2:12.2.12-48.el7cp
  • librbd-devel-2:12.2.12-48.el7cp
  • librbd1-2:12.2.12-48.el7cp
  • librgw-devel-2:12.2.12-48.el7cp
  • librgw2-2:12.2.12-48.el7cp
  • python-cephfs-2:12.2.12-48.el7cp
  • python-rados-2:12.2.12-48.el7cp
  • python-rbd-2:12.2.12-48.el7cp
  • python-rgw-2:12.2.12-48.el7cp
  • rbd-mirror-2:12.2.12-48.el7cp
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222
misc https://tracker.ceph.com/issues/40018
Last major update 04-12-2020 - 18:15
Published 08-11-2019 - 15:15
Last modified 04-12-2020 - 18:15