CVE-2018-7262

ceph: Unauthenticated malformed HTTP requests handled by rgw_civetweb.cc:RGW::init_env() can lead to denial of service

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service.

En Ceph, en versiones anteriores a la 12.2.3 y versiones 13.x hasta la 13.0.1, la función RGWCivetWeb::init_env en rgw_civetweb.cc en radosgw no gestiona las cabeceras HTTP mal formadas adecuadamente, lo que permite una denegación de servicio (DoS).

A NULL pointer dereference flaw was found in RADOS Gateway HTTP request handling when using the Civetweb native webserver. An unauthenticated attacker could crash RADOS Gateway server by sending malicious HTTP requests.

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Issues addressed include a denial of service vulnerability.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-02-20 CVE Reserved
2018-03-19 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (8)

URL	Tag	Source
https://bugzilla.redhat.com/show_bug.cgi?id=1546611	Issue Tracking
https://github.com/ceph/ceph/pull/20488	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tracker.ceph.com/issues/23039	2023-11-07
https://access.redhat.com/errata/RHSA-2018:0546	2023-11-07
https://access.redhat.com/errata/RHSA-2018:0548	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74VI6EPZ6LD2O4JJXJBTYQ4U4VUO2ZDO	2023-11-07
https://access.redhat.com/security/cve/CVE-2018-7262	2018-03-15
https://bugzilla.redhat.com/show_bug.cgi?id=1546610	2018-03-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Ceph Search vendor "Redhat" for product "Ceph"				< 12.2.3 Search vendor "Redhat" for product "Ceph" and version " < 12.2.3"		-		Affected
Redhat Search vendor "Redhat"		Ceph Search vendor "Redhat" for product "Ceph"				13.0.0 Search vendor "Redhat" for product "Ceph" and version "13.0.0"		-		Affected
Redhat Search vendor "Redhat"		Ceph Search vendor "Redhat" for product "Ceph"				13.0.1 Search vendor "Redhat" for product "Ceph" and version "13.0.1"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				27 Search vendor "Fedoraproject" for product "Fedora" and version "27"		-		Affected