CVE-2016-9579
ceph: Object Gateway server DoS by sending invalid cross-origin HTTP request
Public Exploits: 2
Exploited in Wild: -
Descriptions
A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-23 CVE Reserved
- 2016-12-16 CVE Published
- 2023-12-23 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94936 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
http://tracker.ceph.com/issues/18187 | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9579 | 2024-08-06 | |
http://rhn.redhat.com/errata/RHSA-2016-2954.html | 2023-02-12 | |
http://rhn.redhat.com/errata/RHSA-2016-2956.html | 2023-02-12 | |
http://rhn.redhat.com/errata/RHSA-2016-2994.html | 2023-02-12 | |
http://rhn.redhat.com/errata/RHSA-2016-2995.html | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2016-9579 | 2016-12-21 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1403245 | 2016-12-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Redhat | Ceph Storage | 2.0 | - | Affected | in | Canonical | Ubuntu Linux | 16.04 | lts | Safe |
Redhat | Ceph Storage | 2.0 | - | Affected | in | Redhat | Enterprise Linux | 7.0 | - | Safe |
Redhat | Ceph Storage | 1.3 | - | Affected | in | Canonical | Ubuntu Linux | 14.04 | lts | Safe |
Redhat | Ceph Storage | 1.3 | - | Affected | in | Redhat | Enterprise Linux | 7.0 | - | Safe |
Redhat | Ceph Storage | 1.3 | - | Affected | | | | | | |
Redhat | Ceph Storage Mon | 1.3 | - | Affected | | | | | | |
Redhat | Ceph Storage Mon | 2 | - | Affected | | | | | | |
Redhat | Ceph Storage Osd | 1.3 | - | Affected | | | | | | |
Redhat | Ceph Storage Osd | 2 | - | Affected | | | | | | |
Redhat | Enterprise Linux Desktop | 7.0 | - | Affected | | | | | | |
Redhat | Enterprise Linux Server | 7.0 | - | Affected | | | | | | |
Redhat | Enterprise Linux Workstation | 7.0 | - | Affected | | | | | | |