Ceph
CVE-2019-10222
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
AnalysisAI
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-755. A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients. Affected products include: Ceph, Redhat Ceph Storage, Fedoraproject Fedora.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manil
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not ve
A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remote
An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr d
An issue was discovered in Ceph through 13.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab
A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph
It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attac
In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't han
An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential pr
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vul
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today