// For flags

CVE-2019-3821

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

Se ha encontrado un error en la forma en la que el frontend de civetweb manejaba peticiones para el servidor RGW de ceph con SSL habilitado. Un atacante no autenticado podría crear múltiples conexiones al gateway RADOS de ceph para agotar los descriptores de archivo para el servicio ceph-radosgw, lo que resulta en una denegación de servicio (DoS) remota.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-03-27 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-772: Missing Release of Resource after Effective Lifetime
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ceph
Search vendor "Ceph"
 Civetweb
Search vendor "Ceph" for product "Civetweb"
--
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 18.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 19.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04"
-
Affected