Unrated severityNVD Advisory· Published Mar 27, 2019· Updated Aug 4, 2024

CVE-2019-3821

Description

A flaw was found in the way civetweb frontend was handling requests for ceph RGW server with SSL enabled. An unauthenticated attacker could create multiple connections to ceph RADOS gateway to exhaust file descriptors for ceph-radosgw service resulting in a remote denial of service.

Affected products

Civetweb Project/Civetwebinferred
osv-coords2 versions
pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
< 14.2.1.468+g994fd9e0cc-3.3.2+ 1 more
- (no CPE)range: < 14.2.1.468+g994fd9e0cc-3.3.2
- (no CPE)range: < 14.2.1.468+g994fd9e0cc-3.3.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

usn.ubuntu.com/4035-1/mitrevendor-advisoryx_refsource_UBUNTU
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
github.com/ceph/civetweb/pull/33mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000