// For flags

CVE-2016-9579

ceph: Object Gateway server DoS by sending invalid cross-origin HTTP request

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.

Se ha encontrado un error en la forma en la que Ceph Object Gateway procesa peticiones HTTP cross-origin si la política CORS está configurada para permitir el origen en un bucket. Un atacante remoto no autenticado podría utilizar este problema para provocar una denegación de servicio (DoS) mediante el envío de una petición HTTP cross-origin especialmente manipulada. Las ramas de Ceph 1.3.x y 2.x se han visto afectadas.

A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request.

It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacker could possibly use this issue to list bucket contents via a URL. Diluga Salome discovered that Ceph incorrectly handled certain POST objects with null conditions. A remote attacker could possibly use this issue to cuase Ceph to crash, resulting in a denial of service. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-11-23 CVE Reserved
  • 2016-12-16 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Ceph Storage
Search vendor "Redhat" for product "Ceph Storage"
 2.0
Search vendor "Redhat" for product "Ceph Storage" and version "2.0"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Safe
Redhat
Search vendor "Redhat"
 Ceph Storage
Search vendor "Redhat" for product "Ceph Storage"
 2.0
Search vendor "Redhat" for product "Ceph Storage" and version "2.0"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ceph Storage
Search vendor "Redhat" for product "Ceph Storage"
 1.3
Search vendor "Redhat" for product "Ceph Storage" and version "1.3"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Safe
Redhat
Search vendor "Redhat"
 Ceph Storage
Search vendor "Redhat" for product "Ceph Storage"
 1.3
Search vendor "Redhat" for product "Ceph Storage" and version "1.3"
-
Affected
in Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 7.0
Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"
-
Safe
Redhat
Search vendor "Redhat"
 Ceph Storage
Search vendor "Redhat" for product "Ceph Storage"
 1.3
Search vendor "Redhat" for product "Ceph Storage" and version "1.3"
-
Affected
Redhat
Search vendor "Redhat"
 Ceph Storage Mon
Search vendor "Redhat" for product "Ceph Storage Mon"
 1.3
Search vendor "Redhat" for product "Ceph Storage Mon" and version "1.3"
-
Affected
Redhat
Search vendor "Redhat"
 Ceph Storage Mon
Search vendor "Redhat" for product "Ceph Storage Mon"
 2
Search vendor "Redhat" for product "Ceph Storage Mon" and version "2"
-
Affected
Redhat
Search vendor "Redhat"
 Ceph Storage Osd
Search vendor "Redhat" for product "Ceph Storage Osd"
 1.3
Search vendor "Redhat" for product "Ceph Storage Osd" and version "1.3"
-
Affected
Redhat
Search vendor "Redhat"
 Ceph Storage Osd
Search vendor "Redhat" for product "Ceph Storage Osd"
 2
Search vendor "Redhat" for product "Ceph Storage Osd" and version "2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected