Unrated severityNVD Advisory· Published Dec 3, 2015· Updated May 6, 2026

CVE-2015-5245

Description

CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.

Affected products

Red Hat/Ceph
cpe:2.3:a:redhat:ceph:*:*:*:*:*:*:*:*
Range: <=0.94.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.htmlnvdVendor Advisory
tracker.ceph.com/issues/12537nvd
access.redhat.com/errata/RHSA-2015:2512nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000