ALT-PU-2018-1393-1
Closed vulnerabilities
Published: 2017-12-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-16818
RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.
Severity: MEDIUM (6.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=1515872
- https://bugzilla.redhat.com/show_bug.cgi?id=1515872
- https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
- https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
- FEDORA-2017-97b730736f
- FEDORA-2017-97b730736f
Published: 2018-03-20
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-7262
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://tracker.ceph.com/issues/23039
- http://tracker.ceph.com/issues/23039
- RHSA-2018:0546
- RHSA-2018:0546
- RHSA-2018:0548
- RHSA-2018:0548
- https://bugzilla.redhat.com/show_bug.cgi?id=1546611
- https://bugzilla.redhat.com/show_bug.cgi?id=1546611
- https://github.com/ceph/ceph/pull/20488
- https://github.com/ceph/ceph/pull/20488
- FEDORA-2018-ed907ef9a0
- FEDORA-2018-ed907ef9a0