ALT-PU-2015-1896-1
Closed vulnerabilities
Published: 2015-12-03
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
- http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html
- http://tracker.ceph.com/issues/12537
- https://access.redhat.com/errata/RHSA-2015:2512
- http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html
- http://tracker.ceph.com/issues/12537
- https://access.redhat.com/errata/RHSA-2015:2512
Published: 2018-07-31
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-8626
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
Severity: MEDIUM (6.8)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- http://rhn.redhat.com/errata/RHSA-2016-2815.html
- http://rhn.redhat.com/errata/RHSA-2016-2816.html
- http://rhn.redhat.com/errata/RHSA-2016-2847.html
- http://rhn.redhat.com/errata/RHSA-2016-2848.html
- http://tracker.ceph.com/issues/17635
- http://www.securityfocus.com/bid/94488
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626
- http://rhn.redhat.com/errata/RHSA-2016-2815.html
- http://rhn.redhat.com/errata/RHSA-2016-2816.html
- http://rhn.redhat.com/errata/RHSA-2016-2847.html
- http://rhn.redhat.com/errata/RHSA-2016-2848.html
- http://tracker.ceph.com/issues/17635
- http://www.securityfocus.com/bid/94488
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626