ALT-PU-2016-1943-1
Closed vulnerabilities
Published: 2015-12-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.
Severity: MEDIUM (4.3)
References:
Published: 2016-07-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-5009
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2016:3201
- openSUSE-SU-2016:3201
- http://tracker.ceph.com/issues/16297
- http://tracker.ceph.com/issues/16297
- RHSA-2016:1384
- RHSA-2016:1384
- RHSA-2016:1385
- RHSA-2016:1385
- https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
- https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
- https://github.com/ceph/ceph/pull/9700
- https://github.com/ceph/ceph/pull/9700
Published: 2018-07-31
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-8626
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- RHSA-2016:2815
- RHSA-2016:2815
- RHSA-2016:2816
- RHSA-2016:2816
- RHSA-2016:2847
- RHSA-2016:2847
- RHSA-2016:2848
- RHSA-2016:2848
- http://tracker.ceph.com/issues/17635
- http://tracker.ceph.com/issues/17635
- 94488
- 94488
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626
Closed bugs
osd не запускается под systemd
tmpfiles для ceph