Skip to main content

Ceph CVE-2015-5245

MEDIUM
2015-12-03 secalert@redhat.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 03, 2015 - 20:59 cve.org
MEDIUM 4.3

DescriptionCVE.org

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.

AnalysisAI

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. Affected products include: Redhat Ceph. Version information: before 0.94.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ceph

View all
CVE-2016-7031 HIGH POC
7.5 Oct 03

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list

CVE-2022-0670 CRITICAL
9.1 Jul 25

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manil

CVE-2020-25660 HIGH
8.8 Nov 23

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not ve

CVE-2018-10861 HIGH
8.1 Jul 10

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-10736 HIGH
8.0 Jun 22

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr d

CVE-2020-12059 HIGH
7.5 Apr 22

An issue was discovered in Ceph through 13.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab

CVE-2020-1699 HIGH
7.5 Apr 21

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph

CVE-2019-10222 HIGH
7.5 Nov 08

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity

CVE-2018-1128 HIGH
7.5 Jul 10

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attac

CVE-2018-7262 HIGH
7.5 Mar 19

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't han

CVE-2021-20288 HIGH
7.2 Apr 15

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability

CVE-2020-27781 HIGH
7.1 Dec 18

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential pr

Share

CVE-2015-5245 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy