CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-8626 – Ceph: RGW Denial of Service by sending null or specially crafted POST object requests
https://notcve.org/view.php?id=CVE-2016-8626
A flaw was found in Red Hat Ceph before 0.94.9-8. The way Ceph Object Gateway handles POST object requests permits an authenticated attacker to launch a denial of service attack by sending null or specially crafted POST object requests. Se ha descubierto un problema en versiones anteriores a la 0.94.9-8 de Red Hat Ceph. La forma en la que Ceph Object Gateway gestiona las peticiones de objeto POST permite que un atacante autenticado lance un ataque de denegación de servicio (DoS) enviando peticiones de objeto POST null o especialmente manipuladas. A flaw was found in the way Ceph Object Gateway handles POST object requests. • http://rhn.redhat.com/errata/RHSA-2016-2815.html http://rhn.redhat.com/errata/RHSA-2016-2816.html http://rhn.redhat.com/errata/RHSA-2016-2847.html http://rhn.redhat.com/errata/RHSA-2016-2848.html http://tracker.ceph.com/issues/17635 http://www.securityfocus.com/bid/94488 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8626 https://access.redhat.com/security/cve/CVE-2016-8626 https://bugzilla.redhat.com/show_bug.cgi?id=1389193 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-7031 – ceph: RGW permits bucket listing when authenticated_users=read
https://notcve.org/view.php?id=CVE-2016-7031
The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL. El código RGW en Ceph en versiones anteriores a 10.0.1, cuando la lectura autenticada ACL es aplicada a un compartimento, permite a atacantes remotos listar el contenido del compartimento a través de una URL. A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket. • http://docs.ceph.com/docs/master/release-notes/#v10-0-1 http://rhn.redhat.com/errata/RHSA-2016-1972.html http://rhn.redhat.com/errata/RHSA-2016-1973.html http://tracker.ceph.com/issues/13207 http://www.securityfocus.com/bid/93240 https://github.com/ceph/ceph/pull/6057 https://access.redhat.com/security/cve/CVE-2016-7031 https://bugzilla.redhat.com/show_bug.cgi?id=1372446 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-254: 7PK - Security Features •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2016-5009 – crash: mon_command crashes ceph monitors on receiving empty prefix
https://notcve.org/view.php?id=CVE-2016-5009
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix. La función handle_command en mon/Monitor.cc en Ceph permite a usuarios remotos autenticados provocar un denegación de servicio (fallo de segmentación y caída del monitor ceph) a través de un prefijo (1) vacío o (2) manipulado. A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash. • http://lists.opensuse.org/opensuse-updates/2016-12/msg00126.html http://tracker.ceph.com/issues/16297 https://access.redhat.com/errata/RHSA-2016:1384 https://access.redhat.com/errata/RHSA-2016:1385 https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6 https://github.com/ceph/ceph/pull/9700 https://access.redhat.com/security/cve/CVE-2016-5009 https://bugzilla.redhat.com/show_bug.cgi?id=1351453 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5245 – Ceph: RGW returns requested bucket name raw in Bucket response header
https://notcve.org/view.php?id=CVE-2015-5245
CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name. Vulnerabilidad de inyección CRLF en la Ceph Object Gateway (también conocida como radosgw o RGW) en Ceph en versiones anteriores a 0.94.4 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de un nombre de contenedor manipulado. A feature in Ceph Object Gateway (RGW) allows to return a specific HTTP header that contains the name of a bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse the load balancer residing in front of RGW, potentially resulting in a denial of service. • http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html http://tracker.ceph.com/issues/12537 https://access.redhat.com/errata/RHSA-2015:2512 https://access.redhat.com/security/cve/CVE-2015-5245 https://bugzilla.redhat.com/show_bug.cgi?id=1261606 • CWE-20: Improper Input Validation •