2018-03-08
ALT-BU-2018-3118-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2018-03-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-7262
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://tracker.ceph.com/issues/23039
- http://tracker.ceph.com/issues/23039
- RHSA-2018:0546
- RHSA-2018:0546
- RHSA-2018:0548
- RHSA-2018:0548
- https://bugzilla.redhat.com/show_bug.cgi?id=1546611
- https://bugzilla.redhat.com/show_bug.cgi?id=1546611
- https://github.com/ceph/ceph/pull/20488
- https://github.com/ceph/ceph/pull/20488
- FEDORA-2018-ed907ef9a0
- FEDORA-2018-ed907ef9a0